March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert –New Spear-Phishing Campaign Delivering AllaKore RAT Targets Mexican Financial Institutions – Active IOCs
January 29, 2024ewterz Threat Alert –SystemBC Malware – Active IOCs
January 30, 2024Rewterz Threat Alert –New Spear-Phishing Campaign Delivering AllaKore RAT Targets Mexican Financial Institutions – Active IOCs
January 29, 2024ewterz Threat Alert –SystemBC Malware – Active IOCs
January 30, 2024
Severity
High
Analysis Summary
CVE-2023-29055
Apache Kylin could allow a remote attacker to obtain sensitive information, caused by an insufficiently protected credentials in config file. By sniffing the network when kylin service runs over HTTP protocl, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-29055
Affected Vendors
Apache
Affected Products
- Apache Kylin 4.0.3
- Apache Kylin 2.0.0
Remediation
Upgrade to the latest version of Apache Kylin, available from the Apache Website.