Severity
Low
Analysis Summary
CVE-2023-30867 CVSS:5.4
Apache StreamPark (incubating) is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2023-49898 CVSS:2.2
Apache StreamPark (incubating) could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of the Maven compilation parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Gain Access
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-30867
- CVE-2023-49898
Affected Vendors
Apache
Affected Products
- Apache StreamPark (incubating) 2.0.0
- Apache StreamPark (incubating) 2.1.1
Remediation
Upgrade to the latest version of StreamPark (incubating), available from the Apache Website.