Vulnerability Management, Network Security

Attacks leveraging critical Apache HugeGraph bug underway

Vulnerable Apache HugeGraph-Server instances impacted by the critical remote command execution flaw, tracked as CVE-2024-27348, were discovered by the Shadowserver Foundation to have been targeted by threat actors in attacks originating from various sources since the emergence of a proof-of-concept exploit last month, The Hacker News reports.

Exploitation of the security issue, which is an RCE within the Gremlin graph traversal language API that was addressed by the Apache Software Foundation in April, could potentially enable sandbox restriction evasion and eventual server takeovers, according to a report from SecureLayer7 last month. Apache previously urged organizations with the impacted HugeGraph-Server instances to implement the version 1.3.0 update with Java11 and activate the Auth system. "Also you could enable the 'Whitelist-IP/port' function to improve the security of RESTful-API execution," said Apache. Such a development comes after various attacks exploiting vulnerabilities in Apache Log4j, RocketMQ, and ActiveMQ.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds