Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
February 24, 2023Rewterz Threat Alert – Bitter APT Group – Active IOCs
February 24, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
February 24, 2023Rewterz Threat Alert – Bitter APT Group – Active IOCs
February 24, 2023Severity
High
Analysis Summary
CVE-2023-25621
Apache Sling could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control in the i18n module. By creating specially-crafted i18n dictionaries, an attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-25621
Affected Vendors
Apache
Affected Products
- Apache Sling 2.5.18
Remediation
Upgrade to the latest version of Sling, available from the Apache Website.