DE
DE EN
DE
DE EN
Kontakt
Anmeldung
Themen
Finanzen & Versicherung
Handel
Industrie
IT & Beratung
Tourismus
Transport
Recht
Öffentlich

CISA warns of actively exploited Apache HugeGraph-Server bug

0
Teilen:

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.

The flaw, tracked as CVE-2024-27348 and rated critical (CVSS v3.1 score: 9.8), is an improper access control vulnerability that impacts HugeGraph-Server versions from 1.0.0 and up to, but not including 1.3.0.

Apache fixed the vulnerability on April 22, 2024, with the release of version 1.3.0. Apart from upgrading to the latest version, users were also recommended to use Java 11 and enable the Auth system.

Also, enabling the “Whitelist-IP/port” function was proposed to improve the security of the RESTful-API execution, which was involved in potential attack chains.

Now, CISA has warned that active exploitation of CVE-2024-27348 has been observed in the wild, giving federal agencies and other critical infrastructure organizations until October 9, 2024, to apply mitigations or discontinue the use of the product.

Apache HugeGraph-Server is the core component of the Apache HugeGraph project, an open-source graph database designed for handling large-scale graph data with high performance and scalability, supporting complex operations required in deep relationship exploitation, data clustering, and path searches.

The product is used, among others, by telecom providers for fraud detection and network analysis, financial services for risk control and transaction pattern analysis, and social networks for connection analysis and automated recommendation systems.

With active exploitation underway and the product used in apparently high-value enterprise environments, applying the available security updates and mitigations as soon as possible is exigent.

The other four flaws added to KEV this time are:

  • CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
  • CVE-2019-1069: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
  • CVE-2022-21445: Oracle JDeveloper Remote Code Execution Vulnerability
  • CVE-2020-14644: Oracle WebLogic Server Remote Code Execution Vulnerability

The inclusion of these older vulnerabilities is not an indication of recent exploitation but serves to enrich the KEV catalog by documenting security flaws that were confirmed to have been used in attacks at some point in the past.

Bill Toulas

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:42 am, Juni 24, 2025
Wetter-Symbol 19°C
L: 18° | H: 20°
broken clouds
Luftfeuchtigkeit: 77 %
Druck: 1012 mb
Wind: 12 mph WSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:43 am
Sonnenuntergang: 9:21 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
18° | 20°°C 0 mm 0% 14 mph 76 % 1012 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
16° | 28°°C 0 mm 0% 8 mph 87 % 1013 mb 0 mm/h
Do. Juni 26 10:00 pm
Wetter-Symbol
17° | 23°°C 0.97 mm 97% 14 mph 88 % 1017 mb 0 mm/h
Fr. Juni 27 10:00 pm
Wetter-Symbol
15° | 27°°C 0 mm 0% 15 mph 67 % 1021 mb 0 mm/h
Sa. Juni 28 10:00 pm
Wetter-Symbol
17° | 26°°C 0 mm 0% 9 mph 81 % 1024 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
19° | 20°°C 0 mm 0% 13 mph 76 % 1012 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
22° | 24°°C 0 mm 0% 14 mph 60 % 1011 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
24° | 24°°C 0 mm 0% 13 mph 50 % 1011 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 10 mph 67 % 1012 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
18° | 18°°C 0 mm 0% 8 mph 79 % 1012 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
16° | 16°°C 0 mm 0% 6 mph 87 % 1012 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 7 mph 81 % 1013 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
22° | 22°°C 0 mm 0% 6 mph 59 % 1013 mb 0 mm/h
Wetter von OpenWeatherMap
Name Preis24H (%)
Bitcoin(BTC)
€90,894.45
3.80%
Ethereum(ETH)
€2,089.08
7.66%
Fesseln(USDT)
€0.86
0.05%
XRP(XRP)
€1.89
9.14%
Solana(SOL)
€124.84
7.90%
USDC(USDC)
€0.86
0.01%
Dogecoin(DOGE)
€0.141466
7.40%
Shiba Inu(SHIB)
€0.000010
8.76%
Pepe(PEPE)
€0.000009
13.33%
Risikomonitor
Erkennen und überwachen Sie IT-Schwachstellen mit nur einem Klick, bevor es zu spät ist.

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Nach oben scrollen