March 7, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
APT Group Gamaredon aka Shuckworm – Active IOCs
April 24, 2024CoralRaider Malware Campaign Distributes Info-Stealers Using CDN Cache – Active IOCs
April 24, 2024APT Group Gamaredon aka Shuckworm – Active IOCs
April 24, 2024CoralRaider Malware Campaign Distributes Info-Stealers Using CDN Cache – Active IOCs
April 24, 2024
Severity
High
Analysis Summary
CVE-2024-27349 CVSS:7.5
Apache HugeGraph-Server could allow a remote attacker to bypass security restrictions, caused by an authentication bypass by spoofing. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass whitelist in Auth mode.
CVE-2024-27348 CVSS:9.8
Apache HugeGraph-Server could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in gremlin. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-27347 CVSS:7.5
Apache HugeGraph-Hubble is vulnerable to server-side request forgery, caused by a flaw in the Hubble connection page. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct SSRF attack.
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-27349
- CVE-2024-27348
- CVE-2024-27347
Affected Vendors
Apache
Affected Products
- Apache HugeGraph-Server 1.0.0
- Apache HugeGraph-Server 1.2.0
Remediation
Upgrade to the latest version of Apache HugeGraph, available from the Apache Website.