CVE-2024-37382 is a vulnerability identified in the import host feature of Ab Initio Metadata Hub and Authorization Gateway versions before 4.3.1.1. The flaw allows an attacker with high-level privileges on the local system to execute arbitrary code by manipulating the server configuration files in a crafted manner. This vulnerability is categorized under CWE-94, which involves improper control over code generation, indicating that the application does not adequately validate or sanitize configuration inputs before processing them. The vulnerability requires local access with high privileges (PR:H) and does not require user interaction (UI:N). The attack vector is local (AV:L), meaning remote exploitation is not feasible without prior access. The CVSS v3.1 base score is 6.3, reflecting medium severity, with high impact on confidentiality and integrity, and low impact on availability. The vulnerability could allow attackers to compromise sensitive metadata and authorization controls, potentially leading to unauthorized data access or manipulation. No public exploits or patches are currently available, emphasizing the need for proactive mitigation. The issue was reserved in June 2024 and published in August 2024, indicating it is a recent discovery.

The vulnerability poses a significant risk to organizations relying on Ab Initio Metadata Hub and Authorization Gateway for managing metadata and authorization in data processing environments. Successful exploitation could lead to arbitrary code execution, allowing attackers to compromise the confidentiality and integrity of sensitive data and metadata. This could result in unauthorized data access, data tampering, or disruption of data workflows. Although availability impact is low, the breach of confidentiality and integrity could have severe consequences, including regulatory non-compliance, reputational damage, and operational disruption. Since exploitation requires local high privileges, the threat is primarily from insider threats or attackers who have already gained elevated access. However, once exploited, the attacker could gain persistent control over the affected system components. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

Organizations should immediately upgrade Ab Initio Metadata Hub and Authorization Gateway to version 4.3.1.1 or later once available. Until patches are released, restrict access to server configuration files and the import host feature to trusted administrators only. Implement strict access controls and monitoring on systems running the affected software to detect any unauthorized configuration changes. Employ host-based intrusion detection systems (HIDS) to alert on suspicious file modifications or code execution attempts. Conduct regular audits of user privileges to minimize the number of users with high-level access. Additionally, apply the principle of least privilege to reduce the risk of insider threats. Network segmentation can limit lateral movement if an attacker gains local access. Finally, maintain up-to-date backups of configuration and metadata to enable recovery in case of compromise.