

November 8, 2022
Severity
High
Analysis Summary
CVE-2022-37865
Apache Ivy could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user-supplied input. An attacker could use a specially-crafted archive file containing “dot dot” sequences (/../) to write arbitrary files on the system.
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-41061
Affected Vendors
Apache
Affected Products
- Apache Ivy 2.4.0
- Apache Ivy 2.5.0
Remediation
Upgrade to the latest version of Apache Ivy, available from the Apache Website.