RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Hugegraph
APPApache1.0.0 – 1.3.0 (bez)
CISA KEV — detailsi
- Vendori
- Apache ↗
- Producti
- HugeGraph-Server
- Added to KEVi
- September 18, 2024
- Remediation deadline (US Federal)i
- October 9, 2024(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
Related vulnerabilities
Authentication Bypass w Apache HugeGraph-Server (zakładane niezmienne dane)
Pominięcie uwierzytelnienia przez spoofing w Apache HugeGraph-Server
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserial...
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych
Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację