
Rewterz Threat Advisory – CVE-2023-46288 – Apache Airflow Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-46288

Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the “non-sensitive-only” configuration is set. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive configuration information and then use it to launch further attacks against the affected system.

Impact

  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-46288

Affected Vendors

Apache

Affected Products

  • Apache Airflow 2.4.0
  • Apache Airflow 2.5.0
  • Apache Airflow 2.6.0
  • Apache Airflow 2.7.0
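
An added example, not part of this advisory or of Apache's code: a Python check that flags a deployment whose version appears in the Affected Products list and whose effective setting is "non-sensitive-only". It assumes the setting in question is Airflow's `[webserver] expose_config` option with its `AIRFLOW__WEBSERVER__EXPOSE_CONFIG` environment override, which the advisory does not name; the sample config, the function names and the result labels are constructed.

```python
import configparser

# Versions exactly as listed under "Affected Products" in this advisory.
ADVISORY_AFFECTED = {"2.4.0", "2.5.0", "2.6.0", "2.7.0"}
# Assumption: the advisory's "non-sensitive-only" setting is [webserver] expose_config.
ENV_OVERRIDE = "AIRFLOW__WEBSERVER__EXPOSE_CONFIG"

# Constructed sample airflow.cfg, not taken from a real deployment.
SAMPLE_CFG = """\
[core]
executor = LocalExecutor

[webserver]
expose_config = non-sensitive-only
"""


def effective_expose_config(cfg_text, env):
    """Return the normalised setting; the environment variable wins over airflow.cfg."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    raw = env.get(ENV_OVERRIDE)
    if raw is None:
        # Airflow's default for this option is False.
        raw = parser.get("webserver", "expose_config", fallback="False")
    return raw.strip().strip("\"'").lower()


def assess(version, cfg_text, env=None):
    """Classify one deployment against the condition described in the advisory."""
    value = effective_expose_config(cfg_text, env or {})
    listed = version.strip() in ADVISORY_AFFECTED
    if value == "non-sensitive-only":
        # REVIEW: setting is present but the version is not in the advisory's list.
        return "EXPOSED" if listed else "REVIEW"
    if value == "true":
        return "FULL_CONFIG_EXPOSED"  # configuration is shown in full by design
    return "NOT_APPLICABLE"  # option disabled or unset


if __name__ == "__main__":
    for version, env in [("2.6.0", {}), ("2.6.0", {ENV_OVERRIDE: "False"})]:
        print(version, env, "->", assess(version, SAMPLE_CFG, env))
```

A "REVIEW" result means the setting is in use on a version this advisory does not list, so the vendor's own advisory should be checked for that release.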

Remediation

Upgrade to the latest version of Santuario available from the Apache Web site.
