A critical vulnerability in Apache HugeGraph is under attack

By Admin, July 17, 2024
Threat actors are actively exploiting a recently discovered critical security flaw affecting Apache HugeGraph-Server that could lead to remote code execution attacks.

Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability affects all versions of the software prior to 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.

“Users are advised to upgrade to version 1.3.0 with Java11 and enable the authentication system, which fixes the problem,” the Apache Software Foundation noted at the end of April 2024. “Also, you can enable the ‘Whitelist-IP/port’ function to increase the security of the RESTful-API execution.”


Additional technical details about the flaw were published by penetration testing firm SecureLayer7 in early June, which claimed it could allow an attacker to bypass sandboxing restrictions and achieve code execution, giving them full control over a vulnerable server.

The Shadowserver Foundation said this week that it has spotted exploit attempts in the wild that take advantage of the flaw, so users need to apply the latest patches quickly.

“We are observing attempts to exploit the Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ from various sources,” it said. “[Proof-of-concept] code has been publicly available since early June. If you run HugeGraph, be sure to update.”
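One way to act on the Shadowserver observation from the defender's side, as an added example that is not from the original article or from the HugeGraph project: it scans an access log for `POST /gremlin` requests from sources outside an allow-list. The Combined Log Format input, the sample lines and the `10.0.0.0/8` allow-list are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Combined Log Format (assumed reverse-proxy log).
SAMPLE_LOG = """\
10.0.4.17 - - [17/Jul/2024:09:12:01 +0000] "POST /gremlin HTTP/1.1" 200 512 "-" "app-client/2.1"
203.0.113.45 - - [17/Jul/2024:09:13:44 +0000] "POST /gremlin HTTP/1.1" 200 187 "-" "python-requests/2.31"
203.0.113.45 - - [17/Jul/2024:09:13:49 +0000] "POST /gremlin HTTP/1.1" 500 96 "-" "python-requests/2.31"
198.51.100.9 - - [17/Jul/2024:09:20:10 +0000] "GET /versions HTTP/1.1" 200 64 "-" "curl/8.5"
198.51.100.9 - - [17/Jul/2024:09:20:12 +0000] "POST /gremlin?x=1 HTTP/1.1" 401 40 "-" "curl/8.5"
malformed line that the parser must skip
"""

# Hypothetical allow-list: networks expected to call the Gremlin endpoint.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_allowed(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source: treat as untrusted
    return any(ip in net for net in ALLOWED_NETS)

def gremlin_posts_from_unexpected_sources(log_text):
    """Map source IP -> [(timestamp, status)] for POST /gremlin from outside ALLOWED_NETS."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")  # ignore query string
        if path == "/gremlin" and not is_allowed(m["ip"]):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def not_rejected_by_auth(hits):
    """Sources with at least one response other than 401/403."""
    return sorted(ip for ip, events in hits.items()
                  if any(status not in (401, 403) for _, status in events))

if __name__ == "__main__":
    found = gremlin_posts_from_unexpected_sources(SAMPLE_LOG)
    print(found, not_rejected_by_auth(found))
```

A status other than 401/403 shows only that the request was not turned away by authentication, not that exploitation succeeded; such sources are the ones to review first on servers running a version prior to 1.3.0.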

Vulnerabilities discovered in Apache projects have been lucrative attack vectors for nation-state and financially motivated threat actors in recent years, and flaws in Log4j, ActiveMQ, and RocketMQ have been heavily exploited to infiltrate target environments.
