Multiple WordPress Plugins Vulnerabilities

July 31, 2024

RedLine Stealer – Active IOCs

August 1, 2024

CVE-2024-48362 – Apache Drill Vulnerability

July 31, 2024

Severity

High

Analysis Summary

CVE-2024-48362

Apache Drill could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper handling of XML external entity (XXE) declarations by the XML Format Reader. By using a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary commands or read arbitrary files on the system.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2024-48362

Affected Vendors

Apache

Affected Products

Apache Drill 1.19.0
Apache Drill 1.21.1

Remediation

Upgrade to the latest version of Apache Drill, available from the Apache Website.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

IBM i Flaw Enables Privilege Escalation by Attackers

Multiple Zoho ManageEngine Exchange Reporter Vulnerabilities

North Korean APT Deploys npm Supply Chain Malware for Crypto Theft – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us