Rewterz Threat Advisory – Multiple Kubernetes Vulnerabilities Exploited
October 22, 2023Rewterz Threat Advisory – Multiple VMware Products Vulnerabilities
October 22, 2023Rewterz Threat Advisory – Multiple Kubernetes Vulnerabilities Exploited
October 22, 2023Rewterz Threat Advisory – Multiple VMware Products Vulnerabilities
October 22, 2023Severity
Medium
Analysis Summary
CVE-2023-44483
Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-44483
Affected Vendors
Apache
Affected Products
- Apache Santuario 2.2.5
- Apache Santuario 2.3.3
- Apache Santuario 3.0.2
Remediation
Upgrade to the latest version of Santuario available from the Apache Web site.