Rewterz Threat Alert – Microsoft SQL Servers Exploited to Deploy FreeWorld Ransomware – Active IOCs
September 5, 2023Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs
September 5, 2023Rewterz Threat Alert – Microsoft SQL Servers Exploited to Deploy FreeWorld Ransomware – Active IOCs
September 5, 2023Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs
September 5, 2023Severity
Medium
Analysis Summary
CVE-2023-41180
Apache NiFi MiNiFi C++ is vulnerable to a man-in-the-middle attack, caused by an incorrect certificate validation in InvokeHTTP. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Impact
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-41180
Affected Vendors
Apache
Affected Products
- Apache NiFi MiNiFi C++ 0.13
- Apache NiFi MiNiFi C++ 0.14
Remediation
Upgrade to the latest version of Apache NiFi MiNiFi C++, available from the Apache Website.