Vulnerability Summary for the Week of July 29, 2024

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| Apache Software Foundation–Apache SeaTunnel Web | Web authentication vulnerability in Apache SeaTunnel. Because the JWT key is hardcoded in the application, an attacker can forge any token to log in as any user. An attacker can obtain the secret key from /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. | 2024-07-30 | 9.1 | CVE-2023-48396 security@apache.org |
| n/a–n/a | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. | 2024-07-29 | 9.1 | CVE-2024-28805 cve@mitre.org |
 
n/a–n/

[…]