{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T14:30:49.559","vulnerabilities":[{"cve":{"id":"CVE-2024-26260","sourceIdentifier":"twcert@cert.org.tw","published":"2024-02-15T03:15:34.833","lastModified":"2025-01-23T19:55:55.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission."},{"lang":"es","value":"La funcionalidad de sincronización en ciertos módulos de HGiga OAKlouds tiene una vulnerabilidad de inyección de comandos del sistema operativo, lo que permite a atacantes remotos inyectar comandos del sistema dentro de parámetros de solicitud específicos. Esto permite la ejecución de código arbitrario en el servidor remoto sin permiso."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:*","versionEndExcluding":"188","matchCriteriaId":"9BDDE14F-3BD2-4AF2-AAFF-BF238F360860"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:*","versionEndExcluding":"188","matchCriteriaId":"20A6F111-728D-45DE-B7EC-1C3BC9542F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:*","versionEndExcluding":"1051","matchCriteriaId":"C52C10C8-08A1-4CDC-8309-C3F874EBEFF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:*","versionEndExcluding":"1051","matchCriteriaId":"B80523EB-F1BE-4F09-9613-F7CE2F556056"}]}]}],"references":[{"url":"https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}