Cyber@oeis.us
+1-424-279-7170
CISA warns of actively exploited Apache HugeGraph-Server worm

CISA warns of actively exploited Apache HugeGraph-Server worm

Oeisdigitalinvestigator.com:

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added 5 flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a a ways flung code execution (RCE) flaw impacting Apache HugeGraph-Server.

The flaw, tracked as CVE-2024-27348 and rated necessary (CVSS v3.1 ranking: 9.8), is an despicable gather entry to defend an eye fixed on vulnerability that impacts HugeGraph-Server versions from 1.0.0 and as much as, however now not alongside side 1.3.0.

Apache mounted the vulnerability on April 22, 2024, with the free up of version 1.3.0. Other than upgrading to the latest version, customers were additionally suggested to make employ of Java 11 and enable the Auth machine.

Also, enabling the “Whitelist-IP/port” feature became proposed to make stronger the safety of the RESTful-API execution, which became eager on doubtless assault chains.

Now, CISA has warned that energetic exploitation of CVE-2024-27348 has been noticed in the wild, giving federal businesses and diversified necessary infrastructure organizations unless October 9, 2024, to practice mitigations or dwell the employ of the product.

Apache HugeGraph-Server is the core component of the Apache HugeGraph mission, an initiating-source graph database designed for handling natty-scale graph recordsdata with high efficiency and scalability, supporting advanced operations required in deep relationship exploitation, recordsdata clustering, and path searches.

The product is extinct, among others, by telecom providers for fraud detection and community diagnosis, monetary companies and products for likelihood defend an eye fixed on and transaction sample diagnosis, and social networks for connection diagnosis and automated suggestion systems.

With energetic exploitation underway and the product extinct in it sounds as if high-fee endeavor environments, applying the available safety updates and mitigations as presently as that it’s doubtless you’ll perhaps be ready to think is exigent.

The diversified four flaws added to KEV this time are:

  • CVE-2020-0618: Microsoft SQL Server Reporting Services and products Faraway Code Execution Vulnerability
  • CVE-2019-1069: Microsoft Dwelling windows Job Scheduler Privilege Escalation Vulnerability
  • CVE-2022-21445: Oracle JDeveloper Faraway Code Execution Vulnerability
  • CVE-2020-14644: Oracle WebLogic Server Faraway Code Execution Vulnerability

The inclusion of these older vulnerabilities is now not a sign of most modern exploitation however serves to counterpoint the KEV catalog by documenting safety flaws that were confirmed to were extinct in assaults one day in the previous.

Learn More

oeisdigitalinvestigator.com
20 Sep 2024
Comment 0
Categoty: 
  • Blog

    • Leave a Comment

    Your email address will not be published. Required fields are marked *

    News & Blog

    Related Blog

    Examine the forefront of digital research in our Latest News & Blog. Study expert analyses, technological advancements, and key industry insights that keep you informed and prepared in the ever-evolving world of digital forensics.

    For expert assistance in safeguarding your digital world, trust OEIS, your professional digital private investigator. We are committed to providing you with the highest level of service and expertise. Contact us to learn more about how we can help protect your digital interests.

    Services

    Menu

    Usefull Links

    Menu

    Contact

    Contact Us

    Copyright ©2024  OEIS.US