Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
April 28, 2023Rewterz Threat Advisory – CVE-2023-30444 – IBM Watson Machine Learning on Cloud Vulnerability
April 28, 2023Rewterz Threat Alert – WSHRAT aka Houdini – Active IOCs
April 28, 2023Rewterz Threat Advisory – CVE-2023-30444 – IBM Watson Machine Learning on Cloud Vulnerability
April 28, 2023Severity
High
Analysis Summary
CVE-2023-30845
Google Cloud Platform ESPv2 could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request using the X-HTTP-Method-Override header, an attacker could exploit this vulnerability to bypass JWT authentication.
Impact
- Bypass Security
Indicators Of Compromise
CVE
- CVE-2023-30845
Affected Vendors
Affected Products
- Google Cloud Platform ESPv2 2.20.0
- Google Cloud Platform ESPv2 2.42.0
Remediation
Upgrade to the latest version of ESPv2, available from the ESPv2 GIT Repository.