Experts find critical flaws
The Cyber Security Agency of Singapore has issued warning against three critical flaws in Apache software products. The Apache Software Foundation has released security patches to address these vulnerabilities, which can cause risk to users and organizations using these tools. The three critical vulnerabilities are CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046.
About CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046
Out of the affected Apache vulnerabilities, CVE-204-43441 impacts Apache HugeGraph-Server, a graph database server commonly used to deal with complex data relationships. This flaw lets hackers escape security checks, giving unauthorized access to data. Exploiting this flaw can allow threat actors to get entry to restricted systems without needing credentials.
The second flaw, CVE-2024-45387, has been found in Apache Traffic Control, a famous tool for optimizing and managing content delivery networks (CDNs). The flaw only affects Traffic Ops, an important part of Apache Traffic Control. Hackers can misuse this vulnerability to launch SQL injection attacks to modify databases, causing modification or unauthorized data access.
The third flaw, CVE-2024-52046, was found in a network application framework Apache MINA used for various applications. The vulnerability comes from the mishandling of Java’s des
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.