Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

February 24, 2022

Rewterz Threat Advisory – CVE-2022-0517 – Mozilla VPN Vulnerability

February 25, 2022

Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-24288

Apache Airflow could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the DAGs. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2021-45229

Apache Airflow is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Origin Query parameter. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Command Execution
Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2022-24288
CVE-2021-45229

Affected Vendors

Apache

Affected Products

Apache Airflow 2.2.3

Remediation

Upgrade to the latest version of Apache Airflow, available from the Apache Web site.

https://airflow.apache.org/

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

Rewterz Threat Advisory – CVE-2022-0517 – Mozilla VPN Vulnerability

Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities

Severity

Analysis Summary

CVE-2022-24288

CVE-2021-45229

Impact

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan