CyberSecurity news


Ashish Khaitan@The Cyber Express - 64d
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.

Apache MINA is also affected by CVE-2024-52046, which allows remote code execution through deserialization flaws. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict class deserialization, further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system. It can expose sensitive information to unauthorized users, especially when component-based authorization policies are in use. A patch for NiFi has been issued in version 2.1.0; users should upgrade immediately.

