January 27, 2022
Severity
High
Analysis Summary
CVE-2022-23945
Apache ShenYu could allow a remote attacker to bypass security restrictions, caused by missing authentication on ShenYu Admin. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVE-2022-23944
Apache ShenYu could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication. By sending a specially-crafted request, an attacker could exploit this vulnerability to access the plugin API.
CVE-2022-23223
Apache ShenYu could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP response. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-22932
Apache Karaf could allow a remote attacker to traverse directories on the system, caused by a flaw in the karaf-maven-plugin. An attacker could send a specially-crafted URL request to view arbitrary folders on the system.
CVE-2021-45029
Apache ShenYu could allow a remote attacker to execute arbitrary code on the system, caused by Groovy code injection and SpEL injection. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-41766
Apache Karaf could allow a remote attacker to execute arbitrary code on the system, caused by insecure Java deserialization. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Security Bypass
- Information Disclosure
- Unauthorized Access
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache ShenYu 2.4.0
- Apache ShenYu 2.4.1
- Apache Karaf 4.2.14
- Apache Karaf 4.3.5
Remediation
Upgrade to the latest versions of Apache ShenYu and Apache Karaf, available from the Apache website.
Apache ShenYu:
Apache Karaf: