
Multiple Apache Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-34365 (CVSS 7.5)

Apache Karaf Cave is vulnerable to server-side request forgery (SSRF), caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and gain arbitrary file access.
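The general mitigation for an SSRF weakness of this kind is to validate any user-influenced destination before the server fetches it. The following is an added example (not Apache Karaf Cave code) of a defensive outbound-URL check: it restricts the scheme, rejects embedded credentials, refuses literal addresses in loopback, private, link-local and other non-routable ranges, and only then applies a hostname allowlist. The allowlist entries and sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: hosts this service is permitted to fetch from.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"repo.example.com", "mirror.example.org"}


def _is_non_routable(host: str) -> bool:
    """True when `host` is a literal IP in a range a server should never be
    tricked into calling (loopback, RFC1918, link-local/metadata, etc.)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal address
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_outbound_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"          # blocks file://, gopher://, ...
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"  # user@host confusion tricks
    host = parts.hostname  # already lowercased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if _is_non_routable(host):
        return False, "destination is a non-routable address"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    return True, "ok"


def check_many(urls):
    """Apply the check to a batch of URLs; returns {url: reason}."""
    return {u: validate_outbound_url(u)[1] for u in urls}


if __name__ == "__main__":
    # Constructed sample inputs.
    for u, r in check_many([
        "https://repo.example.com/artifacts/index.xml",
        "http://169.254.169.254/latest/",
        "http://[::1]:8181/",
        "file:///etc/hosts",
        "http://attacker@repo.example.com/",
    ]).items():
        print(f"{r:40} {u}")
```

Because a hostname can resolve to an internal address (or change between the check and the connection), the literal-address test alone is not sufficient; a strict hostname allowlist, as here, is what actually closes the gap, and the address check is a second layer for callers that must accept literal IPs.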

CVE-2024-26579 (CVSS 9.8)

Apache InLong could allow a remote attacker to execute arbitrary code on the system, caused by unsafe deserialization in JDBC. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-32113 (CVSS 9.8)

Apache OFBiz could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code on the system.
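Requests carrying "dot dot" sequences leave a recognisable trace in web server access logs. The following added example (not OFBiz code, nor from this advisory) scans common-log-format lines for traversal sequences, decoding percent-encoding repeatedly so that single- and double-encoded variants are caught as well as the literal form. The log lines and request paths are constructed samples; the log format is assumed to be the standard combined/common format.

```python
import re
from urllib.parse import unquote

# Matches a ".." path segment bounded by separators or the string ends.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")

# Common log format: IP ident user [timestamp] "METHOD PATH PROTO" STATUS SIZE
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def normalize_path(path: str) -> str:
    """Percent-decode up to three times (stops early when stable) and fold
    backslashes to forward slashes so encoded variants compare equal."""
    cur = path
    for _ in range(3):
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    return cur.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True when the request path contains a '..' segment after decoding."""
    return bool(TRAVERSAL_RE.search(normalize_path(path)))


def scan_access_log(lines):
    """Return (client_ip, raw_path, status) for every line with a traversal
    sequence. Status is kept because a 200 on such a request matters more
    than a 403."""
    findings = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if m and has_traversal(m["path"]):
            findings.append((m["ip"], m["path"], m["status"]))
    return findings


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2024:10:01:22 +0000] "GET /app/main HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/May/2024:10:01:25 +0000] "GET /app/../../internal/config.properties HTTP/1.1" 403 0',
    '198.51.100.23 - - [10/May/2024:10:01:26 +0000] "GET /app/%2e%2e/%2e%2e/internal/config.properties HTTP/1.1" 200 2048',
    '198.51.100.23 - - [10/May/2024:10:01:27 +0000] "GET /app/..%252f..%252finternal/config.properties HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/May/2024:10:02:01 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 900',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, path, status in scan_access_log(SAMPLE_LOG):
        print(f"{ip:16} {status} {path}")
```

Two points for anyone deploying this: bounded repeated decoding is deliberate (a single decode misses `%252e` and unbounded decoding is a denial-of-service risk), and the regex is intentionally strict about separators so that file names such as `release..notes.html` do not produce noise.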

Impact

  • Gain Access
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-34365
  • CVE-2024-26579
  • CVE-2024-32113

Affected Vendors

Apache

Affected Products

  • Apache InLong 1.7.0
  • Apache InLong 1.8.0
  • Apache InLong 1.9.0
  • Apache InLong 1.10.0
  • Apache Karaf Cave 4.2.1

Remediation

Refer to the Apache website for patch, upgrade, or suggested workaround information.

  • CVE-2024-34365
  • CVE-2024-26579
  • CVE-2024-32113