Rewterz Threat Advisory – Multiple Apache Portable Runtime (APR) Products Vulnerabilities
February 6, 2023
Severity
High
Analysis Summary
CVE-2023-24997 CVSS:7.5
Apache InLong could allow a remote attacker to bypass security restrictions, caused by a Bypass Through User-Controlled Key vulnerability. By using a JDBC connection, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-24977 CVSS:7.5
Apache InLong could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read error. By using a JDBC connection, an attacker could exploit this vulnerability to read arbitrary files on the system.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-24997
- CVE-2023-24977
Affected Vendors
Apache
Affected Products
- Apache InLong 1.1.0
- Apache InLong 1.2.0
- Apache InLong 1.3.0
- Apache InLong 1.4.0
- Apache InLong 1.5.0
Remediation
Upgrade to the latest version of Apache InLong, available from the Apache Web site.