September 27, 2021
Severity
High
Analysis Summary
CVE-2021-36749
Apache Druid could allow a remote authenticated attacker to obtain sensitive information because of improper access control in the HTTP InputSource. By passing a file URL to the HTTP InputSource, an attacker could read data from sources other than those intended and use that information to launch further attacks against the affected system.
Impact
- Information Disclosure
Affected Vendors
- Apache
Affected Products
- Apache Druid 0.21.0
- Apache Druid 0.21.1
Remediation
Upgrade to the latest version of Apache Druid, available from the Apache Web site.
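Alongside the upgrade, previously submitted ingestion specs can be reviewed for the pattern described in the Analysis Summary. The following is an added example, not part of the original advisory or of Apache Druid: it flags any HTTP inputSource whose URIs use a scheme other than http or https. It assumes specs are available as JSON text (for example from task storage or captured request bodies); the function names and sample specs are hypothetical and constructed.

```python
import json
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

def find_http_input_sources(node):
    """Yield every object with "type": "http" and a "uris" list, at any depth
    (covers inputSources nested inside other inputSources)."""
    if isinstance(node, dict):
        if node.get("type") == "http" and isinstance(node.get("uris"), list):
            yield node
        for value in node.values():
            yield from find_http_input_sources(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_http_input_sources(item)

def audit_spec(spec_text):
    """Return the URIs in HTTP inputSources whose scheme is not http/https."""
    try:
        spec = json.loads(spec_text)
    except json.JSONDecodeError:
        return ["<unparseable spec>"]  # surface for manual review, do not skip
    findings = []
    for source in find_http_input_sources(spec):
        for uri in source["uris"]:
            # urlparse lowercases the scheme, so FILE:// and file:// match alike
            scheme = urlparse(str(uri).strip()).scheme
            if scheme not in ALLOWED_SCHEMES:
                findings.append(str(uri))
    return findings

# Constructed sample specs (not taken from any real system).
BENIGN_SPEC = json.dumps({"type": "index_parallel", "spec": {"ioConfig": {
    "type": "index_parallel",
    "inputSource": {"type": "http",
                    "uris": ["https://data.example.com/events.json"]},
    "inputFormat": {"type": "json"}}}})
SUSPECT_SPEC = json.dumps({"type": "index_parallel", "spec": {"ioConfig": {
    "type": "index_parallel",
    "inputSource": {"type": "http",
                    "uris": ["https://data.example.com/a.json",
                             "FILE:///constructed/placeholder/path"]},
    "inputFormat": {"type": "json"}}}})

if __name__ == "__main__":
    for name, text in (("benign", BENIGN_SPEC), ("suspect", SUSPECT_SPEC)):
        print(name, audit_spec(text))
```

A non-empty result means the spec should be reviewed together with the account that submitted it.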