CVE-2024-5185
May 29, 2024, 3:18 p.m.
Tags
CVSS Score
Product(s) Impacted
EmbedAI
EmbedAI application
Description
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model.
Weaknesses
Date
Published: May 29, 2024, 1:15 p.m.
Last Modified: May 29, 2024, 3:18 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
disclosure@synopsys.com
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H