2025-01-30 22:06:31 Pacfic
Critical Apache Vulnerabilities Expose Systems to Attacks - 3d
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.
Apache MINA is also affected by CVE-2024-52046 which allows remote code execution through deserialization flaws. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict class deserialization further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system, which can expose sensitive information to unauthorized users, especially if using component-based authorization policies. A patch for NiFi has been issued in version 2.1.0, users should upgrade immediately.
ImgSrc: thecyberexpress.com
References:
- @BleepingComputer - The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. - 3d
- Malware Analysis, News and Indicators - Latest topics - Apache fixes Traffic Control bug that attackers could exploit - 3d
- www.bleepingcomputer.com - Apache warns of critical flaws in MINA, HugeGraph, Traffic Control - 3d
- SCM feed for Security Strategy, Plan, Budget - Apache fixes Traffic Control bug that attackers could exploit - 3d
- Vulnerabilities ? The Cyber Express - Critical Apache Vulnerabilities: Update Now to Avoid Major Risks - 11h
- www.csa.gov.sg - CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control - 11h
- securityonline.info - CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control - 2h
Classification:
- HashTags: Apache Vulnerability CyberSecurity
- Company: Apache
- Target: Apache Users
- Product: Apache Software
- Feature: Authentication Bypass, SQL Inj
- Type: Vulnerability
- Severity: Major