December 28, 2021
Severity
High
Analysis Summary
CVE-2021-45232
Apache APISIX Dashboard could allow a remote attacker to bypass security restrictions, caused by improper authentication validation by the Manager API. By sending a specially crafted request through the interface of the “gin” framework, an attacker could exploit this vulnerability to bypass authentication.
Impact
- Security Bypass
Affected Vendors
Apache
Affected Products
- Apache APISIX Dashboard 2.10
Remediation
Upgrade to the latest version of Apache APISIX, available from the apisix-dashboard Git repository.