September 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Microsoft Discovers Flaw in macOS Allowing to Circumvent Safari’s Privacy Controls
October 18, 2024
Multiple WordPress Plugins Vulnerabilities
October 18, 2024
Microsoft Discovers Flaw in macOS Allowing to Circumvent Safari’s Privacy Controls
October 18, 2024
Multiple WordPress Plugins Vulnerabilities
October 18, 2024
Severity
High
Analysis Summary
CVE-2024-45217 CVSS:8.1
Apache Solr could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure default initialization of resource flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to load custom code into classloaders.
CVE-2024-45216 CVSS:9.1
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.
CVE-2024-45462 CVSS:7.1
Apache CloudStack could allow a local authenticated attacker to bypass security restrictions, caused by not expire the user session completely by the logout operation. By gaining access to the user browser, an attacker could exploit this vulnerability to gain access to resources owned by the logged out user account.
CVE-2024-45461 CVSS:8.1
Apache CloudStack could allow a remote authenticated attacker to bypass security restrictions, caused by missing access check enforcement by the Quota plugin. By sending a specially crafted request, an attacker could exploit this vulnerability to access and modify quota-related configurations and data.
CVE-2024-45219 CVSS:9.8
Apache CloudStack could allow a remote attacker to bypass security restrictions, caused by improper for KVM-compatible templates or volumes. By uploading or registering specially crafted templates and volumes, an attacker could exploit this vulnerability to gain access to the host filesystems.
CVE-2024-45693 CVSS:9.1
Apache CloudStack could allow a remote attacker to bypass security restrictions, caused by missing validation of the origin of the requests. By sending a specially crafted request, an attacker could exploit this vulnerability to gain privileges and access to resources of the authenticated users and take over the account.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-45217
- CVE-2024-45216
- CVE-2024-45462
- CVE-2024-45461
- CVE-2024-45219
- CVE-2024-45693
Affected Vendors
Apache
Affected Products
- Apache Solr - 6.6.0
- Apache Solr - 8.11.3
- Apache Solr - 9.0.0
- Apache Solr - 9.6.0
- Apache Solr - 5.3.0
- Apache CloudStack - 4.18.2.3
- Apache CloudStack - 4.19.1.1
- Apache Software Foundation Apache CloudStack - 4.15.1.0 - 4.19.0.0
- Apache Software Foundation Apache CloudStack - 4.0.0 - 4.19.0.0
- Apache CloudStack - 4.19.0.0
- Apache Software Foundation Apache CloudStack Quota plugin - 4.7.0 - 4.19.0.0
Remediation
Upgrade to the latest version of Apache, available from the Apache Website.