Menace actors are actively exploiting a not too long ago disclosed important security flaw impacting Apache HugeGraph-Server that might result in distant code execution assaults.
Tracked as CVE-2024-27348 (CVSS rating: 9.8), the vulnerability impacts all variations of the software program earlier than 1.3.0. It has been described as a distant command execution flaw within the Gremlin graph traversal language API.
“Customers are really useful to improve to model 1.3.0 with Java11 and allow the Auth system, which fixes the difficulty,” the Apache Software program Basis famous in late April 2024. “Additionally you may allow the ‘Whitelist-IP/port’ operate to enhance the security of RESTful-API execution.”
Extra technical specifics in regards to the flaw had been launched by penetration testing firm SecureLayer7 in early June, stating it permits an attacker to bypass sandbox restrictions and obtain code execution, giving them full management over a vulnerable server.
This week, the Shadowserver Basis stated it noticed in-the-wild exploitation makes an attempt that leverage the flaw, making it crucial that customers transfer rapidly to use the most recent fixes.
“We’re observing Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ exploitation makes an attempt from a number of sources,” it stated. “[Proof-of-concept] code is public since early June. In the event you run HugeGraph, be certain that to replace.”
Vulnerabilities found in Apache tasks have been profitable assault vectors for the nation-state and financially motivated menace actors in recent times, with flaws in Log4j, ActiveMQ, and RocketMQ coming beneath heavy exploitation to infiltrate goal environments.
