March 25, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
March 8, 2024Rewterz Threat Advisory – CVE-2024-22256 – VMware Cloud Director Vulnerability
March 8, 2024Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
March 8, 2024Rewterz Threat Advisory – CVE-2024-22256 – VMware Cloud Director Vulnerability
March 8, 2024
Severity
Medium
Analysis Summary
CVE-2023-50740 CVSS:6.5
Apache Linkis could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of password in the log file by the DataSource module. By gaining access to the log file, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.
CVE-2024-26580 CVSS:6.5
Apache InLong could allow a remote authenticated attacker to obtain sensitive information, caused by an unsafe deserialization flaw. By sending a specially crafted payload, an attacker could exploit this vulnerability to read arbitrary files on the system, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-50740
- CVE-2024-26580
Affected Vendors
Apache
Affected Products
- Apache InLong 1.4.0
- Apache InLong 1.5.0
- Apache InLong 1.6.0
- Apache InLong 1.7.0
- Apache InLong 1.8.0
- Apache InLong 1.9.0
- Apache InLong 1.10.0
Remediation
Upgrade to the latest version of Apache Linkis, available from the Apache Website.