

Rewterz Threat Advisory – CVE-2022-40705 – Apache SOAP XML external Vulnerability
September 23, 2022
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
September 23, 2022
Rewterz Threat Advisory – CVE-2022-40705 – Apache SOAP XML external Vulnerability
September 23, 2022
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
September 23, 2022Severity
High
Analysis Summary
CVE-2022-40754
Apache Airflow could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the /confirm endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
Impact
- Remote Code Execution
Indicators Of Compromise
CVE
- CVE-2022-40754
Affected Vendors
- Apache
Affected Products
- Apache Airflow 2.3.4
- Apache Airflow 2.3.0
Remediation
Refer to Apache Security Advisory for patch, upgrade or suggested workaround information.