Apache HugeGraph-Server RCE Vulnerability Under Active Attack
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server, which is tracked as CVE-2024-27348. The vulnerability affects versions 1.0.0 to 1.3.0 of the popular open-source graph database tool.
The flaw, which carries a severe CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary operating system commands on vulnerable servers by exploiting missing reflection filtering in the SecurityManager.
This gives attackers complete control over the affected systems, potentially enabling data theft, network infiltration, ransomware deployment, and other malicious activities.
The Shadowserver Foundation has reported observing exploitation attempts of CVE-2024-27348 from multiple sources, specifically targeting the “/gremlin” endpoint with POST requests.
We are observing Apache HugeGraph-Server CVE-2024-27348 RCE "POST /gremlin" exploitation attempts from multiple sources. PoC code is public since early June. If you run HugeGraph, make sure to update: https://t.co/aHTRgPoBxQ
NVD entry: https://t.co/KVCoBShVvI
— The Shadowserver Foundation (@Shadowserver) July 16, 2024
The situation has become more urgent since early June when proof-of-concept (PoC) exploit code was publicly released on GitHub, making it easier for malicious actors to identify and compromise vulnerable systems.
To mitigate this critical security risk, users of Apache HugeGraph-Server are strongly advised to take the following actions immediately:
Given the severity of the vulnerability and the ongoing exploitation attempts, organizations using Apache HugeGraph-Server should prioritize these security measures to protect their systems and data from potential compromise.
The specific versions of Apache HugeGraph-Server affected by the CVE-2024-27348 vulnerability are:
This vulnerability impacts all versions from the initial release 1.0.0 up to, but not including, version 1.3.0.The affected versions run on both Java 8 and Java 11 environments.
It’s important to note that version 1.3.0 and later are not vulnerable, as this version includes the patch that fixes the remote code execution vulnerability.Users are strongly advised to upgrade to version 1.3.0 or later to mitigate this security risk.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Apache HugeGraph-Server RCE Vulnerability Under Active Attack
Author: Guru BaranAttackers are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server, which is tracked as CVE-2024-27348. The vulnerability affects versions 1.0.0 to 1.3.0 of the popular open-source graph database tool.
The flaw, which carries a severe CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary operating system commands on vulnerable servers by exploiting missing reflection filtering in the SecurityManager.
This gives attackers complete control over the affected systems, potentially enabling data theft, network infiltration, ransomware deployment, and other malicious activities.
The Shadowserver Foundation has reported observing exploitation attempts of CVE-2024-27348 from multiple sources, specifically targeting the “/gremlin” endpoint with POST requests.
We are observing Apache HugeGraph-Server CVE-2024-27348 RCE "POST /gremlin" exploitation attempts from multiple sources. PoC code is public since early June. If you run HugeGraph, make sure to update: https://t.co/aHTRgPoBxQ
NVD entry: https://t.co/KVCoBShVvI
— The Shadowserver Foundation (@Shadowserver) July 16, 2024
The situation has become more urgent since early June when proof-of-concept (PoC) exploit code was publicly released on GitHub, making it easier for malicious actors to identify and compromise vulnerable systems.
To mitigate this critical security risk, users of Apache HugeGraph-Server are strongly advised to take the following actions immediately:
- Upgrade to version 1.3.0 or later, which includes patches for this vulnerability.
- Switch to Java 11, which offers improved security features.
- Enable the authentication system to enhance access control.
- Implement the “Whitelist-IP/port” function to restrict RESTful-API execution to trusted sources.
Given the severity of the vulnerability and the ongoing exploitation attempts, organizations using Apache HugeGraph-Server should prioritize these security measures to protect their systems and data from potential compromise.
The specific versions of Apache HugeGraph-Server affected by the CVE-2024-27348 vulnerability are:
- Apache HugeGraph-Server versions 1.0.0 to 1.2.1
This vulnerability impacts all versions from the initial release 1.0.0 up to, but not including, version 1.3.0.The affected versions run on both Java 8 and Java 11 environments.
It’s important to note that version 1.3.0 and later are not vulnerable, as this version includes the patch that fixes the remote code execution vulnerability.Users are strongly advised to upgrade to version 1.3.0 or later to mitigate this security risk.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
