August 22, 2024
Severity
High
Analysis Summary
CVE-2024-22281 CVSS:7.5
Apache Helix could allow a remote attacker to conduct spoofing attacks, caused by the use of a hard-coded secret in the Front (UI) component. By generating fake cookies, an attacker could exploit this vulnerability to spoof sessions.
CVE-2024-43202 CVSS:9.8
Apache DolphinScheduler could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-41909 CVSS:5.3
Apache MINA SSHD could allow a remote attacker to bypass security restrictions. By intercepting traffic between client and server, an attacker could drop certain packets from the stream, potentially causing the client and server to end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
Impact
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-22281
- CVE-2024-43202
- CVE-2024-41909
Affected Vendors
Affected Products
- Apache DolphinScheduler 3.2.1
- Apache Helix
- Apache MINA SSHD - 2.11.0
Remediation
Upgrade to the latest versions of the affected Apache products, available from the Apache website.