May 18, 2023

Anomali Match Application OS Command Injection Vulnerability

CVE ID: CVE-2023-49329

Severity: Medium

Title: Anomali Match Application OS Command Injection Vulnerability

Vendor: Anomali Inc.

Product: Anomali Match

Version: All versions prior to 4.6.2, 4.5.4, and 4.4.5 respectively

Vulnerability Type: Authenticated OS Command Injection

Vulnerability Description:

An OS Command Injection vulnerability has been identified in the Anomali Match application, allowing an authenticated admin user to inject and execute operating system commands. The vulnerability arises from improper handling of untrusted input within the application, enabling an attacker to elevate privileges, execute operating system commands, and potentially compromise the underlying operating system.

Impact:

Successful exploitation of this vulnerability can lead to the following consequences:

  • Unauthorized access to sensitive Anomali Match application and server information.
  • Execution of arbitrary operating system commands.
  • Potential compromise of the underlying operating system.
  • Privilege escalation within the application.

Mitigation:

Anomali Inc. has released security patches that address this vulnerability in versions 4.6.2, 4.5.4 and 4.4.5. It is highly recommended that all affected users upgrade to the latest patched version of the Anomali Match application as soon as possible. Additionally, users are advised to follow security best practices, including:

  • Limit access to trusted personnel and minimize administrative privileges.
  • Monitor system logs and network traffic for suspicious activities.
  • Conduct regular security assessments and penetration testing to identify and address vulnerabilities proactively.
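To help confirm the upgrade across a fleet, the following added example (not Anomali code) classifies installed Anomali Match versions against the fixed releases listed above. It assumes each fixed release applies to its own minor branch and that branches older than 4.4 are affected with no listed fix; the function names, host names and version strings are constructed for illustration.

```python
import re

# Fixed releases named in the advisory. Keying them by (major, minor) branch is
# an assumption about what "respectively" refers to.
FIXED = {(4, 6): (4, 6, 2), (4, 5): (4, 5, 4), (4, 4): (4, 4, 5)}

_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+.]\S*)?")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '4.5.3' or 'v4.5.3-b7'."""
    match = _VERSION.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Classify one Anomali Match version against the advisory's fixed releases."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED:
        return "patched" if version >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        # Assumption: branches older than 4.4 are affected and have no listed fix.
        return "vulnerable-no-listed-fix"
    # The advisory does not name this branch; confirm its status with the vendor.
    return "unlisted"


def needs_action(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            status = classify(version_text)
        except ValueError:
            status = "unparsed"
        if status != "patched":
            findings[host] = status
    return findings


if __name__ == "__main__":
    # Constructed inventory; host names and version strings are illustrative.
    sample = {"match-01": "4.6.2", "match-02": "4.5.3-b7", "match-03": "4.3.9"}
    for host, status in sorted(needs_action(sample).items()):
        print(f"{host}: {status}")
```
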

Acknowledgment:

This vulnerability was responsibly disclosed by Mr. Abdulmalik Aljurayyad of Saudi Aramco on May 18, 2023.