Rewterz Threat Advisory – CVE-2022-0516 – Linux Kernel Vulnerability
February 14, 2022Rewterz Threat Advisory – Multiple TP-Link Vulnerabilities
February 14, 2022Rewterz Threat Advisory – CVE-2022-0516 – Linux Kernel Vulnerability
February 14, 2022Rewterz Threat Advisory – Multiple TP-Link Vulnerabilities
February 14, 2022Severity
High
Analysis Summary
CVE-2022-24289
Apache Cayenne could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Hessian Component. By sending a specially-crafted payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24112
Apache APISIX could allow a remote attacker to execute arbitrary code on the system, caused by an IP restriction of Admin API bypass flaw. By sending specially-crafted requests using the batch-requests plugin, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-44521
Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when include configurations for enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: flase. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2022-24289
- CVE-2022-24112
- CVE-2021-44521
Affected Vendors
Apache
Affected Products
- Apache Cayenne 4.1
- Apache APISIX 2.10
- Apache APISIX 2.12
Remediation
Upgrade to the latest version of Apache, available from the Apache Web site.
Apache Cayenne
Apache APISIX
Apache Cassandra