- Apache Software Foundation discovers flaws in MINA, HugeGraph-Server and Traffic Control
- One of the defects has a severity rating of 10/10
- All bugs have been fixed, administrators are urged to apply the fixes as soon as possible
The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA, HugeGraph-Server, and Traffic Control. One of the flaws carries the maximum severity score of 10/10.
Apache MINA is a network application framework that simplifies the development of high-performance, scalable communication protocols and applications by abstracting low-level I/O operations. Multiple versions (2.0 – 2.0.26, 2.1 – 2.1.9, and 2.2 – 2.2.3) were found to be vulnerable to a flaw that allows threat actors to remotely execute arbitrary code, hence the severity score of 10/10.
The flaw is tracked as CVE-2024-52046 and is resolved in versions 2.0.27, 2.1.10, and 2.2.4. However, as BleepingComputer reports, merely applying the patch is not enough: users also need to manually configure the software to reject all classes unless explicitly allowed through one of the three methods provided.
Attacks during the winter holidays
The other two vulnerabilities are tracked as CVE-2024-43441 and CVE-2024-45387. The former is described as an authentication bypass issue, discovered in Apache HugeGraph-Server versions 1.0 – 1.3 and resolved in version 1.5.0. The latter is a SQL injection vulnerability affecting Traffic Ops versions 8.0.0 – 8.0.1, which has been resolved in version 8.0.2. It has a severity rating of 9.9.
The winter holidays are notorious for being the most active time of year for hackers. With increased traffic and many employees on leave, businesses face greater risks than usual. Cybercriminals are aware of this and take advantage of it to launch devastating attacks starting on Christmas Eve.
Therefore, the Apache Software Foundation urges system administrators to upgrade their software to the latest version as soon as possible.
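As an added example (not code from Apache or from the original article), the following Python sketch triages a software inventory against the affected ranges and fixed versions quoted above. The product labels (`mina`, `hugegraph-server`, `traffic-ops`) and the sample inventory are assumptions made for illustration; versions are compared numerically because a plain string comparison would rank 2.1.10 below 2.1.9.

```python
import re

# (product label, first affected, last affected, fixed in, CVE, manual step needed)
# Ranges, fixes and CVE ids are the ones quoted in the article; the product
# labels are hypothetical inventory keys chosen for this example.
ADVISORIES = [
    ("mina", "2.0", "2.0.26", "2.0.27", "CVE-2024-52046", True),
    ("mina", "2.1", "2.1.9", "2.1.10", "CVE-2024-52046", True),
    ("mina", "2.2", "2.2.3", "2.2.4", "CVE-2024-52046", True),
    ("hugegraph-server", "1.0", "1.3", "1.5.0", "CVE-2024-43441", False),
    ("traffic-ops", "8.0.0", "8.0.1", "8.0.2", "CVE-2024-45387", False),
]


def parse(version, width=3):
    """Turn '2.1.10' into (2, 1, 10); short versions are zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    if not parts:
        raise ValueError(f"no numeric version in {version!r}")
    return tuple(parts + [0] * (width - len(parts)))


def triage(product, version):
    """Return advisory details if the version is in an affected range, else None."""
    v = parse(version)
    for name, first, last, fixed, cve, manual in ADVISORIES:
        if name == product.lower() and parse(first) <= v <= parse(last):
            return {"cve": cve, "upgrade_to": fixed, "needs_manual_config": manual}
    return None


# Constructed sample inventory, not real deployment data.
INVENTORY = [("mina", "2.1.9"), ("mina", "2.1.10"),
             ("traffic-ops", "8.0.1"), ("hugegraph-server", "1.5.0")]

if __name__ == "__main__":
    for product, version in INVENTORY:
        hit = triage(product, version)
        if hit is None:
            print(f"{product} {version}: not in an affected range")
            continue
        note = " (also restrict allowed classes after upgrading)" \
            if hit["needs_manual_config"] else ""
        print(f"{product} {version}: {hit['cve']}, upgrade to {hit['upgrade_to']}{note}")
```
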
Via BleepingComputer