January 7, 2025
Severity
Medium
Analysis Summary
CVE-2024-54677 (CVSS 5.3)
Apache Tomcat is vulnerable to denial of service because of an uncontrolled resource consumption flaw in the examples web application. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-53947 (CVSS 4.3)
Apache Superset is vulnerable to SQL injection. A remote, authenticated attacker could send specially crafted SQL statements that allow them to view, add, modify or delete information in the back-end database.
CVE-2024-53949 (CVSS 8.1)
Apache Superset could allow a remote, authenticated attacker to gain elevated privileges on the system because of an improper authorization vulnerability that applies when FAB_ADD_SECURITY_API is enabled (it is disabled by default). An attacker could exploit this vulnerability to let lower-privileged users use this API.
Impact
- Denial of Service
- Data Manipulation
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-54677
- CVE-2024-53947
- CVE-2024-53949
Affected Vendors
- Apache
Affected Products
- Apache Tomcat 10.1.0-M1
- Apache Tomcat 9.0.0.M1
- Apache Tomcat 9.0.97
- Apache Tomcat 10.1.33
- Apache Superset 4.0.2
Remediation
Upgrade Apache Tomcat and Apache Superset to the latest versions available from the Apache website.