Urgent Apache HugeGraph Security Vulnerability Being Exploited – Apply Patch Immediately
Malicious actors are actively exploiting a recently disclosed critical security flaw in Apache HugeGraph-Server that could lead to remote code execution attacks.
Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability affects all versions of the software prior to 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.
“Users are advised to update to version 1.3.0 with Java11 and activate the Authentication system, addressing the problem,” noted the Apache Software Foundation in late April 2024. “Additionally, you may enable the ‘Whitelist-IP/port’ feature to boost the security of RESTful-API execution.”

Further technical details about the vulnerability were made public by the penetration testing company SecureLayer7 in early June, showing that it allows an attacker to bypass restrictions and achieve code execution, giving them full control over a vulnerable server.
This week, the Shadowserver Foundation reported observing in-the-wild exploitation attempts leveraging the vulnerability, making it essential that users apply the latest updates promptly.
“We are witnessing exploitation attempts of Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ from various sources,” it stated. “Proof-of-concept code has been public since early June. Update immediately if you are utilizing HugeGraph.”
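Since the reported exploitation attempts arrive as `POST /gremlin` requests, defenders can triage web server access logs for that endpoint while the patch and the Whitelist-IP/port feature are rolled out. The script below is an added example, not code from Apache HugeGraph, SecureLayer7 or Shadowserver; it assumes combined-log-format access lines (the sample lines are constructed, not real traffic) and an allowlist of trusted source networks chosen by the operator.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed combined-log-format lines for this example (not captured traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2024:10:01:02 +0000] "POST /gremlin HTTP/1.1" 200 512
203.0.113.7 - - [12/Jun/2024:10:01:09 +0000] "POST /gremlin HTTP/1.1" 200 2048
203.0.113.7 - - [12/Jun/2024:10:01:10 +0000] "GET /graphs HTTP/1.1" 200 128
198.51.100.23 - - [12/Jun/2024:10:02:44 +0000] "POST /gremlin HTTP/1.1" 401 0
"""

# Assumed log layout: client IP, identity, user, [timestamp], "METHOD PATH PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def gremlin_hits(log_text, allowlist):
    """Return POST /gremlin requests whose source IP is outside the allowlist.

    A 2xx status from an unexpected source means the Gremlin API accepted the
    request and deserves investigation; a 401 shows authentication rejected it.
    """
    trusted = [ip_network(n) for n in allowlist]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        if m["method"] != "POST" or m["path"].split("?")[0] != "/gremlin":
            continue
        src = ip_address(m["ip"])
        if any(src in net for net in trusted):
            continue
        hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                     "accepted": m["status"].startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in gremlin_hits(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(hit)
```

Run it against the real access log with the organisation's own trusted ranges; any accepted request from outside those ranges on a pre-1.3.0 server should be treated as a possible compromise.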
Vulnerabilities in Apache projects have become attractive attack vectors for both nation-state and financially motivated threat actors in recent years, with flaws in Log4j, ActiveMQ, and RocketMQ being widely exploited to infiltrate target environments.
