October 2, 2024
Severity
Medium
Analysis Summary
CVE-2024-40761 CVSS:5.3
Apache Answer could allow a remote attacker to obtain sensitive information because it uses an MD5 hash of the user's email address to access Gravatar. Using cryptographic attack techniques, an attacker could exploit this vulnerability to obtain user email addresses and use this information to launch further attacks against the affected system.
CVE-2024-23454 CVSS:3.3
Apache Hadoop could allow a remote attacker to obtain sensitive information because the RunJar.run() function does not set permissions on the temporary directory by default. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
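A defender-side check for the temporary-directory issue described for CVE-2024-23454, as an added example that is not part of the original advisory or of Apache Hadoop's code: it lists directories under a given temp root that group or other users can access and tightens them to owner-only. The helper names (`find_exposed_dirs`, `restrict_to_owner`) and the sample directory names are constructed for illustration; the temp root to scan is whatever your deployment uses.

```python
import os
import stat
import tempfile

# Permission bits that grant any access to group or other users.
NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO


def find_exposed_dirs(tmp_root):
    """Return (path, mode) for each directory directly under tmp_root
    that group or other users can read, write or traverse."""
    exposed = []
    with os.scandir(tmp_root) as entries:
        for entry in entries:
            # Do not follow symlinks: a link in a shared temp area may
            # point anywhere and is not the directory being judged.
            if not entry.is_dir(follow_symlinks=False):
                continue
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if mode & NON_OWNER_BITS:
                exposed.append((entry.path, mode))
    return sorted(exposed)


def restrict_to_owner(path):
    """Tighten one directory to owner-only access (0700)."""
    os.chmod(path, stat.S_IRWXU)


def demo():
    """Constructed sample: one loosely created and one private directory."""
    root = tempfile.mkdtemp(prefix="tmpdir-audit-")
    loose = os.path.join(root, "unjar-loose")      # constructed name
    private = os.path.join(root, "unjar-private")  # constructed name
    os.mkdir(loose)
    os.chmod(loose, 0o755)   # what a permissive default typically leaves
    os.mkdir(private)
    os.chmod(private, 0o700)
    before = find_exposed_dirs(root)
    for path, _mode in before:
        restrict_to_owner(path)
    after = find_exposed_dirs(root)
    return before, after, loose


if __name__ == "__main__":
    before, after, _ = demo()
    for path, mode in before:
        print(f"exposed: {path} mode={mode:04o}")
    print(f"exposed after tightening: {len(after)}")
```

Tightening existing directories only reduces exposure until the next job runs; the upgrade under Remediation remains the fix.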
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-40761
- CVE-2024-23454
Affected Vendors
Affected Products
- Apache Apache Hadoop - 3.3.0
- Apache Software Foundation Apache Answer - 0
- Apache Answer - 1.3.5
Remediation
Upgrade to the latest versions of the affected Apache products, available from the Apache website.