Severity
High
Analysis Summary
CVE-2021-30638
Apache Tapestry allows a remote attacker to obtain sensitive information on the affected system. The vulnerability is caused by a flaw in the context asset handling. The vulnerability can be exploited by an attacker by sending a specially crafted URL request that downloads arbitrary files inside WEB-INF. This information can be used to launch further attacks on the system.
CVE-2021-30128; CVE-2021-29200
Apache OFBiz allows a remote attacker to execute arbitrary code on the system. The vulnerability is caused by an unsafe deserialization flaw. The vulnerability can be exploited by an attacker by sending a specially crafted input request to execute arbitrary code on the system.
CVE-2021-28125
Apache Superset allows a remote attacker to conduct phishing attacks. The vulnerability is caused by an open redirect in the dashboard. The vulnerability can be exploited by an attacker by sending a specially crafted URL request that redirects a victim to an arbitrary website.
CVE-2020-17517
Apache Ozone allows a remote attacker to obtain sensitive information on the affected system. The vulnerability is caused by improper access control. The vulnerability can be exploited by an attacker by sending a specially crafted curl command or HTTP request that obtains buckets and keys information. This information can be used to launch further attacks on the system.
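A defender-side check for the Apache Tapestry issue above (CVE-2021-30638), added here as an illustration and not part of the Rewterz advisory: it scans web server access logs for requests whose decoded path contains a WEB-INF segment and reports whether the server actually served the file. It assumes combined-format access logs; the log lines embedded below are constructed samples, not captured traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Apr/2021:10:01:02 +0000] "GET /assets/app/abc123/css/site.css HTTP/1.1" 200 1234
10.0.0.9 - - [28/Apr/2021:10:01:05 +0000] "GET /assets/ctx/abc123/WEB-INF/web.xml HTTP/1.1" 200 2048
10.0.0.9 - - [28/Apr/2021:10:01:07 +0000] "GET /assets/ctx/abc123/%57%45%42-%49%4E%46/app.properties HTTP/1.1" 200 512
10.0.0.9 - - [28/Apr/2021:10:01:09 +0000] "GET /assets/ctx/abc123/web-inf/classes/db.xml HTTP/1.1" 404 0
10.0.0.7 - - [28/Apr/2021:10:02:00 +0000] "GET /index HTTP/1.1" 200 900
"""

# Combined log format: client, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)


def normalize_path(path: str) -> str:
    """Drop the query string, percent-decode twice (catches double encoding),
    fold backslashes to slashes and lower-case so case variants match."""
    path = path.split("?", 1)[0]
    decoded = unquote(unquote(path))
    return decoded.replace("\\", "/").lower()


def is_web_inf_request(path: str) -> bool:
    """True when any path segment, after normalization, is WEB-INF."""
    return any(seg == "web-inf" for seg in normalize_path(path).split("/"))


def find_web_inf_requests(log_text: str) -> list[dict]:
    """Return one record per suspicious request; 'served' flags HTTP 200,
    which is the case that warrants incident response rather than just blocking."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_web_inf_request(m["path"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "path": m["path"],
                         "status": int(m["status"]), "served": m["status"] == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_web_inf_requests(SAMPLE_LOG):
        print(hit)
```

A served (200) hit against an unpatched Tapestry version is evidence of disclosure, not just an attempt, and the client address should be correlated with other activity.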
Impact
- Denial of Service
- Information Security
- Information Disclosure
- Remote Code Execution
Affected Vendors
Apache
Affected Products
- Apache Tapestry 4.0
- Apache Tapestry 5.6.3
- Apache Tapestry 5.7.0
- Apache Tapestry 5.7.1
- Apache OFBiz 17.12.06
- Apache Superset 1.0.0
- Apache Ozone 1.0.0
Remediation
Download the latest patches and upgrade to the latest versions of Apache Tapestry, Apache OFBiz, Apache Superset, and Apache Ozone from https://www.apache.org/