February 20, 2024
Severity
High
Analysis Summary
CVE-2024-23114 CVSS:9.8
Apache Camel could allow a remote authenticated attacker to execute arbitrary code on the system, caused by unsafe deserialization in the CassandraAggregationRepository component. By sending specially crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-22369 CVSS:9.8
Apache Camel could allow a remote attacker to execute arbitrary code on the system, caused by unsafe deserialization in the JDBCAggregationRepository component. By sending specially crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-23608 CVSS:5.5
Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-25710 CVSS:5.5
Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
- Gain Access
- Code Execution
Indicators Of Compromise
CVE
- CVE-2024-23114
- CVE-2024-22369
- CVE-2024-23608
- CVE-2024-25710
Affected Vendors
Apache
Affected Products
- Apache Camel 3.0.0
- Apache Camel 3.21.3
- Apache Camel 3.22.0
- Apache Camel 4.0.0
- Apache Camel 4.0.3
- Apache Camel 4.1.0
- Apache Camel 4.3.0
- Apache Commons Compress 1.25.0
- Apache Commons Compress 1.21
Remediation
Refer to the Apache Website for patch, upgrade, or suggested workaround information.
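A quick way to check whether a build pulls in one of the versions listed above is to scan the output of `mvn dependency:list`. The script below is an added example, not Rewterz or Apache tooling; it assumes the "Affected Products" entries are the inclusive bounds of affected version ranges (e.g. Camel 3.0.0 through 3.21.3, Commons Compress 1.21 through 1.25.0), which should be confirmed against the Apache advisories before acting on a match. The sample dependency lines are constructed.

```python
import re

# Affected ranges read from the advisory's "Affected Products" list.
# Assumption: each pair of listed versions bounds one inclusive range.
AFFECTED = {
    "org.apache.camel": [("3.0.0", "3.21.3"), ("3.22.0", "3.22.0"),
                         ("4.0.0", "4.0.3"), ("4.1.0", "4.3.0")],
    "org.apache.commons:commons-compress": [("1.21", "1.25.0")],
}

# Matches lines like "[INFO]    org.apache.camel:camel-core:jar:3.20.0:compile"
DEP_RE = re.compile(r"^\s*(?:\[INFO\]\s+)?([\w.\-]+):([\w.\-]+):\w+:([\w.\-]+):\w+")

def parse_version(v):
    """'1.21' -> (1, 21, 0, 0); non-numeric qualifiers such as -SNAPSHOT are ignored."""
    parts = [int(p) for p in re.findall(r"\d+", v)[:4]]
    return tuple(parts + [0] * (4 - len(parts)))

def in_range(version, low, high):
    return parse_version(low) <= parse_version(version) <= parse_version(high)

def key_for(group, artifact):
    """Prefer an exact group:artifact entry, fall back to a whole-group entry."""
    ga = f"{group}:{artifact}"
    if ga in AFFECTED:
        return ga
    return group if group in AFFECTED else None

def scan(lines):
    """Return [(group:artifact, version, 'low-high')] for every dependency in an affected range."""
    hits = []
    for line in lines:
        m = DEP_RE.match(line)
        if not m:
            continue
        group, artifact, version = m.groups()
        key = key_for(group, artifact)
        if key is None:
            continue
        for low, high in AFFECTED[key]:
            if in_range(version, low, high):
                hits.append((f"{group}:{artifact}", version, f"{low}-{high}"))
                break
    return hits

# Constructed sample of `mvn dependency:list` output (not real project data).
SAMPLE = """\
[INFO]    org.apache.camel:camel-core:jar:3.20.0:compile
[INFO]    org.apache.camel:camel-cassandraql:jar:4.3.0:compile
[INFO]    org.apache.camel:camel-core:jar:4.4.0:compile
[INFO]    org.apache.commons:commons-compress:jar:1.24.0:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.14.0:compile
""".splitlines()

if __name__ == "__main__":
    for ga, ver, rng in scan(SAMPLE):
        print(f"{ga} {ver} falls inside affected range {rng}")
```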