{"schema_version":"1.7.2","id":"OESA-2024-1293","modified":"2024-03-15T11:07:14Z","published":"2024-03-15T11:07:14Z","upstream":["CVE-2024-24899"],"summary":"aops-zeus security update","details":"A host and user manager service which is the foundation of aops.\r\n\r\nSecurity Fix(es):\r\n\r\nIn aops-zeus software versions 1.2.0~1.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be executed on the remote host, which may cause the remote host system to crash, suffering serious consequences of security threats and losses.(CVE-2024-24899)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"aops-zeus","purl":"pkg:rpm/openEuler/aops-zeus\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"v1.2.0-5.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["aops-zeus-v1.2.0-5.oe2203sp1.aarch64.rpm"],"src":["aops-zeus-v1.2.0-5.oe2203sp1.src.rpm"],"x86_64":["aops-zeus-v1.2.0-5.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1293"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24899"}],"database_specific":{"severity":"High"}}