Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
October 24, 2023Rewterz Threat Advisory – Multiple IBM Sterling Partner Engagement Manager Vulnerabilities
October 24, 2023Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
October 24, 2023Rewterz Threat Advisory – Multiple IBM Sterling Partner Engagement Manager Vulnerabilities
October 24, 2023Severity
Medium
Analysis Summary
CVE-2023-46288
Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when “non-sensitive-only” configuration is set. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive configuration information and then use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-46288
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.4.0
- Apache Airflow 2.5.0
- Apache Airflow 2.7.0
- Apache Airflow 2.6.0
Remediation
Upgrade to the latest version of Santuario available from the Apache Web site.