CVE-2024-38319 – IBM Security SOAR Vulnerability

June 24, 2024

Surge in Application Layer DDoS Attacks Hits UAE’s Growing Fintech Sector

June 24, 2024

CVE-2024-38379 – Apache Allura Vulnerability

June 24, 2024

Severity

Medium

Analysis Summary

CVE-2024-38379

Apache Allura is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by neighborhood settings. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Impact

Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2024-38379

Affected Vendors

Apache

Affected Products

Apache Allura 1.4.0
Apache Allura 1.17.0

Remediation

Upgrade to the latest version of Allura, available from the Apache Website.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

IBM i Flaw Enables Privilege Escalation by Attackers

Multiple Zoho ManageEngine Exchange Reporter Vulnerabilities

North Korean APT Deploys npm Supply Chain Malware for Crypto Theft – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

CVE-2024-38319 – IBM Security SOAR Vulnerability

Surge in Application Layer DDoS Attacks Hits UAE’s Growing Fintech Sector

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation