CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-27348

CVSS 9.8v3.1pub. 2024-04-22upd. 2025-10-23

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Hugegraph

    APP
    Apache
    1.0.0 – 1.3.0 (bez)

CISA KEV — detailsi

Vendori
Apache
Producti
HugeGraph-Server
Added to KEVi
September 18, 2024
Remediation deadline (US Federal)i
October 9, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 9 października 2024
CWE
References

Related vulnerabilities

CVE-2024-43441CRITICAL9.8PL ✓ten sam produkt

Authentication Bypass w Apache HugeGraph-Server (zakładane niezmienne dane)

CVE-2024-27349CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia przez spoofing w Apache HugeGraph-Server

CVE-2025-26866HIGH8.8ten sam produkt

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserial...

CVE-2025-24813CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych

CVE-2024-38856CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację