Rewterz Threat Advisory – CVE-2023-35797 – Apache Airflow Apache Hive Provider Vulnerability

Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs

July 4, 2023

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

July 4, 2023

Rewterz Threat Advisory – CVE-2023-35797 – Apache Airflow Apache Hive Provider Vulnerability

Severity

High

Analysis Summary

CVE-2023-35797

Apache Airflow Apache Hive Provider could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the principal parameter. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2023-35797

Affected Vendors

Apache

Affected Products

Apache Airflow Hive Provider 6.1.0

Remediation

Upgrade to the latest version of Apache Airflow Apache Hive Provider, available from the Apache Web site.

Apache Web site

Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

Rewterz Threat Advisory – CVE-2023-35797 – Apache Airflow Apache Hive Provider Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan