CVE-2024-27348 is actively exploited. The breach must be repaired immediately.
Attackers are actively exploiting a recently identified critical vulnerability in Apache HugeGraph-Server, which can lead to remote code execution. Identified as CVE-2024-27348 with a CVSS score of 9.8, the vulnerability affects all software versions prior to 1.3.0. It is described as a remote code execution error in the Gremlin Graph Traversal language API.
At the end of April 2024, the Apache Software Foundation recommended that users upgrade to version 1.3.0 from Java 11 and enable an authentication system that fixes this problem. It was also recommended to enable the "Whitelist-IP/port" function to improve the security of RESTful API execution.
Penetration testing company SecureLayer7 released additional technical details about the vulnerability in early June, saying that it allows attackers to bypass sandbox restrictions and execute code, gaining full control over the vulnerable server.
This week, Shadowserver specialists reported that they noticed attempts to exploit the vulnerability in real conditions, which makes it extremely important to quickly apply the latest fixes.
"We are seeing attempts to exploit the Apache HugeGraph-Server vulnerability CVE-2024-27348 via POST /gremlin from various sources," Shadowserver reported. "The PoC code has been available since the beginning of June. If you use HugeGraph, be sure to upgrade."
In recent years, vulnerabilities discovered in Apache projects have become advantageous attack points for government and financially motivated attackers. Vulnerabilities such as those found in Log4j, ActiveMQ, and RocketMQ products have long been heavily exploited to penetrate target environments.
Vulnerabilities can be exploited by attackers for years, even after patches are released. Therefore, the key task of security teams is not just to know about patches, but to quickly and systematically apply all security updates. Procrastination in this matter leaves digital doors open to attacks, exposing the organization to constant risk. Timely updates in our time are not a luxury, but a severe necessity.
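The post names two things a defender can act on: exploitation attempts arrive as POST requests to /gremlin, and only HugeGraph-Server releases before 1.3.0 are affected. The script below is an added example (not part of the original post and not code from the Apache HugeGraph project) that turns both into a quick triage check: it parses access-log lines for POST /gremlin requests from sources outside an allow-list, and compares a deployed version string against 1.3.0. The log line format, the allow-list and every IP address and version string in it are constructed assumptions; adapt the regex to whatever your reverse proxy or server actually logs.

```python
"""
Triage helper for Apache HugeGraph-Server exposure to CVE-2024-27348.

Added example, not part of the original post and not HugeGraph project code.
Assumptions (all constructed for illustration):
  - access logs are in a common-log-style format with a client IP, method,
    path and status code;
  - the allow-list holds the only clients expected to call /gremlin;
  - version strings look like '1.2.0' or '1.3.0-SNAPSHOT'.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

# First release that fixes CVE-2024-27348 according to the advisory quoted above.
FIXED_VERSION = (1, 3, 0)

# Assumed log layout: "<ip> - - [<timestamp>] "<METHOD> <path> <proto>" <status>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '1.2.0' or '1.3.0-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    core = version.split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_vulnerable_version(version: str) -> bool:
    """True when the version predates the fixed release 1.3.0."""
    return parse_version(version) < FIXED_VERSION


def flag_gremlin_requests(lines: Iterable[str],
                          allowed_sources: Set[str]) -> List[Tuple[str, str, int]]:
    """Return (ip, path, status) for every POST /gremlin not from an allowed source.

    Only the path before any query string is compared, so '/gremlin?lang=...'
    is treated the same as '/gremlin'. Unparseable lines are skipped.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path_only = m["path"].split("?")[0]
        if m["method"] == "POST" and path_only == "/gremlin" \
                and m["ip"] not in allowed_sources:
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def summarize_by_source(hits: List[Tuple[str, str, int]]) -> Dict[str, int]:
    """Count flagged requests per client IP, the view a responder wants first."""
    return dict(Counter(ip for ip, _, _ in hits))


# Constructed sample log lines using documentation IP ranges; 10.0.0.5 is the
# assumed legitimate application client, the others are unexpected callers.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2024:12:00:01 +0000] "POST /gremlin HTTP/1.1" 200',
    '203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "POST /gremlin HTTP/1.1" 200',
    '203.0.113.7 - - [10/Jun/2024:12:00:03 +0000] "GET /graphs HTTP/1.1" 200',
    '198.51.100.9 - - [10/Jun/2024:12:00:04 +0000] "POST /gremlin?lang=gremlin-groovy HTTP/1.1" 401',
    'not a log line at all',
]
ALLOWED_SOURCES = {"10.0.0.5"}

if __name__ == "__main__":
    for version in ("1.2.0", "1.3.0", "1.3.0-SNAPSHOT"):
        state = "VULNERABLE (< 1.3.0)" if is_vulnerable_version(version) else "fixed"
        print(f"HugeGraph-Server {version}: {state}")
    hits = flag_gremlin_requests(SAMPLE_LOG, ALLOWED_SOURCES)
    print("Unexpected POST /gremlin requests:", summarize_by_source(hits))
```

A 401 in the flagged set is still worth noting: with authentication enabled, as the advisory recommends, the request was rejected, but the source was probing the endpoint and belongs on the IP/port allow-list review. Run the version check against what is actually deployed, not against what the change ticket says was deployed.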
Source