Severity
Medium
Analysis Summary
CVE-2024-27182 CVSS:4.9
Apache Linkis could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Basic management services. By sending a specially crafted request, an attacker could exploit this vulnerability to delete arbitrary files accessible by the Linkis system user.
CVE-2024-27181 CVSS:6.5
Apache Linkis could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Basic management services. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to obtain Token information.
Impact
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-27182
- CVE-2024-27181
Affected Vendors
Affected Products
- Apache Linkis 1.5.0
- Apache Linkis 1.3.2
Remediation
Upgrade to the latest version of Apache Linkis, available from the Apache website.