

Bitter APT – Active IOCs
October 16, 2024
CISA Alerts Users of Active Exploitation of SolarWinds Help Desk Software Flaw
October 16, 2024
Severity
High
Analysis Summary
CVE-2024-47554 CVSS:5.3
Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-47561 CVSS:8.8
Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK. By sending a specially crafted request using the "java-class" attribute, an attacker could exploit this vulnerability to execute arbitrary code on the system.
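The Avro flaw above is triggered through schema attributes that name Java classes. A defensive gate a consuming service can put in front of the parser is to reject any externally supplied schema that carries such attributes at all. The Python below is an added example, not code from the advisory or from the Avro project: it walks a schema as plain JSON and reports every class hint before the schema is handed to an Avro SDK. "java-class" is the attribute named in the advisory; "java-key-class" and "java-element-class" are the related hints used by Avro's reflect layer and are included here as an assumption about what else a conservative gate should refuse. The sample schemas and the class name in them are constructed placeholders.

```python
import json
from typing import Any, Iterator, List, Tuple

# Schema attributes that the Avro Java SDK's reflect layer treats as class
# names. "java-class" is the attribute named in CVE-2024-47561; the other two
# are the related hints from org.apache.avro.reflect.ReflectData and are an
# assumption of this example, not taken from the advisory text.
REFLECTIVE_ATTRIBUTES = frozenset({"java-class", "java-key-class", "java-element-class"})

Finding = Tuple[str, str, Any]  # (JSON path, attribute name, attribute value)


class UntrustedSchemaError(ValueError):
    """Raised when a schema from an untrusted source carries class hints."""


def find_reflective_attributes(node: Any, path: str = "$") -> Iterator[Finding]:
    """Walk a parsed Avro schema and yield every reflective class hint.

    Avro schemas are plain JSON, so a depth-first walk over dicts and lists
    reaches nested record fields, array items, map values and union branches.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            if key in REFLECTIVE_ATTRIBUTES:
                yield (path, key, value)
            yield from find_reflective_attributes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_reflective_attributes(item, f"{path}[{index}]")


def check_schema_text(schema_text: str) -> List[Finding]:
    """Parse schema JSON and return all class-hint findings (empty = none)."""
    return list(find_reflective_attributes(json.loads(schema_text)))


def accept_untrusted_schema(schema_text: str) -> dict:
    """Gate to run before handing an externally supplied schema to the parser.

    Returns the parsed JSON when no reflective hints are present and raises
    UntrustedSchemaError otherwise, so the caller can log and reject it.
    """
    findings = check_schema_text(schema_text)
    if findings:
        details = "; ".join(f"{attr}={value!r} at {path}" for path, attr, value in findings)
        raise UntrustedSchemaError(f"schema rejected: reflective class hints ({details})")
    return json.loads(schema_text)


# Constructed sample schemas (not from the advisory). The class name in the
# second one is a placeholder, not a real gadget class.
CLEAN_SCHEMA = json.dumps({
    "type": "record", "name": "Event",
    "fields": [{"name": "id", "type": "string"},
               {"name": "tags", "type": {"type": "array", "items": "string"}}],
})
HINTED_SCHEMA = json.dumps({
    "type": "record", "name": "Event",
    "fields": [{"name": "id",
                "type": {"type": "string", "java-class": "com.example.PlaceholderClass"}}],
})


if __name__ == "__main__":
    print("clean schema findings:", check_schema_text(CLEAN_SCHEMA))
    try:
        accept_untrusted_schema(HINTED_SCHEMA)
    except UntrustedSchemaError as exc:
        print("rejected:", exc)
```

This is a compensating control for schemas that arrive over the network (schema registries, client-supplied payloads), not a substitute for upgrading the SDK; schemas authored in-house that legitimately rely on reflect hints should be loaded from a trusted path that bypasses the gate.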
CVE-2024-45720 CVSS:7.8
Apache Subversion could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a command line argument injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands and launch other programs on the system.
Impact
- Denial of Service
- Code Execution
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-47554
- CVE-2024-47561
- CVE-2024-45720
Affected Vendors
- Apache
Affected Products
- Apache Commons IO - 2.13.0
- Apache Avro - 1.11.3
- Apache Subversion - 1.14.3
Remediation
Upgrade each affected product (Apache Commons IO, Apache Avro, and Apache Subversion) to the latest version available from the Apache website.
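Before upgrading, a practitioner needs to know where the affected versions are actually deployed. The Python below is an added example, not code from the advisory: it reads Maven dependencies out of a pom.xml (resolving ${property} versions) and compares them, together with an inventory entry for the Subversion system package, against the versions listed in this advisory. The Maven coordinates for Commons IO and Avro are assumptions made for the example (the advisory names products, not artifacts), and the sample pom.xml and inventory are constructed. The advisory lists a single version per product; flagging older versions as well is an assumption that should be confirmed against the vendor's own advisory.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Affected versions exactly as listed in the advisory, keyed by product.
ADVISORY: Dict[str, Tuple[str, str]] = {
    "apache-commons-io": ("CVE-2024-47554", "2.13.0"),
    "apache-avro": ("CVE-2024-47561", "1.11.3"),
    "apache-subversion": ("CVE-2024-45720", "1.14.3"),
}

# Maven coordinates for the two Java libraries (assumed for this example).
# Subversion is a system package, so its version comes from an inventory.
MAVEN_COORDINATES: Dict[str, str] = {
    "commons-io:commons-io": "apache-commons-io",
    "org.apache.avro:avro": "apache-avro",
}


def _local(tag: str) -> str:
    """Strip the Maven XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.11.3' (or a distro-style '1.14.3-1') into a comparable tuple,
    keeping only the leading digits of each dot-separated piece."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def maven_dependencies(pom_xml: str) -> Dict[str, str]:
    """Return {product: version} for every advisory-relevant Maven dependency,
    resolving ${property} version placeholders from <properties>."""
    root = ET.fromstring(pom_xml)
    properties: Dict[str, str] = {}
    for element in root.iter():
        if _local(element.tag) == "properties":
            for prop in element:
                properties[_local(prop.tag)] = (prop.text or "").strip()
    found: Dict[str, str] = {}
    for element in root.iter():
        if _local(element.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in element}
        product = MAVEN_COORDINATES.get(f"{fields.get('groupId', '')}:{fields.get('artifactId', '')}")
        if product is None:
            continue
        version = fields.get("version", "")
        if version.startswith("${") and version.endswith("}"):
            version = properties.get(version[2:-1], version)
        found[product] = version
    return found


def check_inventory(inventory: Dict[str, str]) -> List[dict]:
    """Compare an inventory {product: version} against the advisory.

    'listed-affected' matches the advisory exactly. 'older-than-listed' is
    flagged too, on the assumption (not stated in the advisory) that earlier
    releases carry the same flaw. Newer versions are reported but not flagged.
    """
    report = []
    for product, version in inventory.items():
        if product not in ADVISORY:
            continue
        cve, affected = ADVISORY[product]
        have, listed = parse_version(version), parse_version(affected)
        status = ("listed-affected" if have == listed
                  else "older-than-listed" if have < listed
                  else "newer-than-listed")
        report.append({"product": product, "cve": cve, "version": version,
                       "status": status, "flagged": status != "newer-than-listed"})
    return report


# Constructed sample pom.xml and inventory (not from the advisory).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><avro.version>1.11.3</avro.version></properties>
  <dependencies>
    <dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>2.13.0</version></dependency>
    <dependency><groupId>org.apache.avro</groupId><artifactId>avro</artifactId><version>${avro.version}</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>unrelated-lib</artifactId><version>3.0.0</version></dependency>
  </dependencies>
</project>"""
SAMPLE_INVENTORY = {"apache-subversion": "1.14.3"}

if __name__ == "__main__":
    for row in check_inventory({**maven_dependencies(SAMPLE_POM), **SAMPLE_INVENTORY}):
        print(row)
```

Run it against each build's pom.xml plus a package inventory (for example the version reported by the installed svn client) and act on every row whose "flagged" value is true; the unrelated dependency in the sample is ignored because only the advisory's products are compared.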