Rewterz Threat Advisory – CVE-2022-29405 – Apache Archiva Vulnerability

May 30, 2022

Severity

High

Analysis Summary

CVE-2022-29405

Apache Archiva could allow a remote authenticated attacker to bypass security restrictions, caused by a weakly configured password changing mechanism. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.

Impact

Security Bypass

Indicators Of Compromise

CVE

CVE-2022-29405

Affected Vendors

Apache

Affected Products

Apache Archiva 2.2.1
Apache Archiva 2.2.2
Apache Archiva 2.2.3
Apache Archiva 2.2.4

Remediation

Refer to the Archiva Website for patch, upgrade or suggested workaround information.

Archiva Website

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Threat Actors Conceal Malware in WordPress Sites for Remote Code Execution

Multiple Apple Products Vulnerabilities

Multiple WordPress Plugins Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us