

Severity
Medium
Analysis Summary
CVE-2024-36448 CVSS:7.5
Apache IoTDB Workbench is vulnerable to server-side request forgery (SSRF), caused by an unspecified flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
CVE-2023-49582 CVSS:4
Apache Portable Runtime could allow a local attacker to obtain sensitive information, caused by insecure permissions being set. By sending a specially crafted request, an attacker could exploit this vulnerability to gain read access to named shared memory segments, potentially revealing sensitive application data.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-36448
- CVE-2023-49582
Affected Vendors
- Apache
Affected Products
- Apache IoTDB Workbench 0.13.0
- Apache Portable Runtime - 0.9.0
- Apache Portable Runtime - 1.7.4
Remediation
Upgrade to the latest versions of the affected Apache products, available from the Apache website.