Multiple Apple tvOS Vulnerabilities

September 20, 2024

CISA Alerts of Active Exploitation of Apache HugeGraph-Server Flaw

September 20, 2024

Multiple Apache Druid Vulnerabilities

September 20, 2024

Severity

Medium

Analysis Summary

CVE-2024-45537 CVSS:5.4

Apache Druid could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted JDBC connection string, an attacker could exploit this vulnerability to provide properties that are not on allow list.

CVE-2024-45384 CVSS:6.5

Apache Druid could allow a remote attacker to bypass security restrictions, caused by a flaw in the druid-pac4j extension. By utilizing padding oracle attack techniques, an attacker could exploit this vulnerability to manipulate a pac4j session cookie.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2024-45537
CVE-2024-45384

Affected Vendors

Apache

Affected Products

Apache Druid - 30.0.0
Apache Druid - 0.18.0

Remediation

Upgrade to the latest version of Apache, available from the Apache Website.

CVE-2024-45537

CVE-2024-45384

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple Apple tvOS Vulnerabilities

CISA Alerts of Active Exploitation of Apache HugeGraph-Server Flaw

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation