Rewterz Threat Alert – PatchWork APT Threat Actor Group – Active IOCs
February 20, 2024Rewterz Threat Alert – Mustang Panda Uses Advanced PlugX Variant DOPLUGS to Target Asian Countries – Active IOCs
February 22, 2024Rewterz Threat Alert – PatchWork APT Threat Actor Group – Active IOCs
February 20, 2024Rewterz Threat Alert – Mustang Panda Uses Advanced PlugX Variant DOPLUGS to Target Asian Countries – Active IOCs
February 22, 2024Severity
High
Analysis Summary
CVE-2024-23807 CVSS:8.1
Apache Xerces C++ XML parser could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw during the scanning of external DTDs. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-25141 CVSS:7.8
Apache Airflow Mongo Provider could provide weaker than expected security, caused by missing certificates validation due to default settings included “allow_insecure”. An attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2023-49250 CVSS:9.8
Apache Dolphinscheduler is vulnerable to a man-in-the-middle attack, caused by an insecure TLS TrustManager used in HttpUtil. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVE-2023-51770 CVSS:7.5
Apache Dolphinscheduler could allow a remote attacker to obtain sensitive information, caused by an arbitrary file read flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-50270 CVSS:9.8
Apache Dolphinscheduler could allow a remote attacker to bypass security restrictions, caused by a flaw with session do not expire after password change. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVE-2023-49109 CVSS:9.8
Apache Dolphinscheduler could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Code Execution
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-23807
- CVE-2024-25141
- CVE-2023-49250
- CVE-2023-51770
- CVE-2023-50270
- CVE-2023-49109
Affected Vendors
Apache
Affected Products
- Apache DolphinScheduler 3.0.0
- Apache DolphinScheduler 3.2.0
- Apache Xerces C++ XML parser 3.0.0
- Apache Xerces C++ XML parser 3.2.4
- Apache Airflow Mongo Provider 1.0.0
- Apache Airflow Mongo Provider 3.0.0
Remediation
Refer to Apache Website for patch, upgrade, or suggested workaround information.