Rewterz Threat Alert – Remcos RAT – Active IOCs
November 19, 2021Rewterz Threat Alert – Quasar RAT – Active IOCs
November 22, 2021Rewterz Threat Alert – Remcos RAT – Active IOCs
November 19, 2021Rewterz Threat Alert – Quasar RAT – Active IOCs
November 22, 2021Severity
High
Analysis Summary
CVE-2021-36372
Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by an error when initially generated block tokens are persisted to the metadata database. An attacker could exploit this vulnerability to retrieve block tokens even after access is revoked.
CVE-2021-39231
Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the availability of various internal server-to-server RPC endpoints for connections. An attacker could exploit this vulnerability to download raw data from Datanode and Ozone manager and modify Ratis replication configuration
CVE-2021-39233
Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the improper authorization of container related Datanode requests of Ozone Datanode. An attacker could exploit this vulnerability to allow any client to make calls.
CVE-2021-39234
Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security checks like ACL and gain access to an existing block.
CVE-2021-39235
Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to check the access mode parameter of the block token by Ozone Datanode. An attacker could exploit this vulnerability to perform any write operation on the same block.
CVE-2021-39236
Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By creating specific OM requests, an attacker could exploit this vulnerability to impersonate any other user.
CVE-2021-41532
Apache Ozone could allow a remote attacker to obtain sensitive information, caused by a bug in Recon HTTP endpoints. An attacker could exploit this vulnerability to access the data from these endpoints.
Impact
- Security Bypass
- Unauthorized Access
- Information Disclosure
Affected Vendors
Apache
Affected Products
- Apache Ozone 1.1.0
Remediation
Upgrade to the latest version of Ozone, available from the Apache Website.