Severity
Medium
Analysis Summary
CVE-2023-43666 CVSS:6.5
Apache InLong could allow a remote authenticated attacker to obtain sensitive information, caused by insufficient verification of data authenticity. By sending a specially crafted request, an attacker could exploit this vulnerability to view all user data information, and use this information to launch further attacks against the affected system.
CVE-2023-43667 CVSS:6.5
Apache InLong is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2023-43668 CVSS:7.5
Apache InLong could allow a remote attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass some sensitive params checks.
Impact
- Security Bypass
- Data Manipulation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-43666
- CVE-2023-43667
- CVE-2023-43668
Affected Vendors
Apache
Affected Products
- Apache InLong 1.4.0
- Apache InLong 1.5.0
- Apache InLong 1.6.0
- Apache InLong 1.7.0
- Apache InLong 1.8.0
Remediation
Upgrade to the latest version of Apache InLong, available from the Apache Web site.