CVE-2024-27348 Scanner
CVE-2024-27348 scanner - Remote Code Execution (RCE) vulnerability in Apache HugeGraph-Server
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Apache HugeGraph-Server is an open-source graph database designed for managing and analyzing large-scale graph data. It is widely used by organizations that need high-performance graph data solutions. HugeGraph-Server supports environments running Java 8 and Java 11. The software is often deployed in complex data analysis and storage systems, providing scalable and efficient graph database management.
CVE-2024-27348 is a Remote Code Execution (RCE) vulnerability in Apache HugeGraph-Server. It affects versions prior to 1.3.0 and allows attackers to execute arbitrary commands remotely through the Gremlin component. Proper mitigations should be implemented to secure affected systems.
The vulnerability lies in the Gremlin component of Apache HugeGraph-Server. An attacker can execute arbitrary commands by sending a specially crafted POST request to the Gremlin endpoint; the crafted input manipulates Java objects via reflection, which can enable unauthorized actions on the server.
Exploitation can lead to complete compromise of the affected server. Attackers could execute arbitrary commands, resulting in unauthorized access to sensitive data, disruption of services, and further network infiltration. The severity is critical because commands can be executed remotely without any prior authentication.
Join the S4E platform to safeguard your digital assets effectively. With our comprehensive scanning tools, you can identify and mitigate vulnerabilities like the CVE-2024-27348 RCE in Apache HugeGraph-Server before they are exploited. Our platform provides detailed reports, timely updates, and expert recommendations to enhance your cybersecurity posture. Protect your infrastructure with our advanced, easy-to-use solutions and stay ahead of potential threats.
References:
- http://www.openwall.com/lists/oss-security/2024/04/22/3
- https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
- https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
- https://github.com/Zeyad-Azima/CVE-2024-27348
- https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348
- https://nvd.nist.gov/vuln/detail/CVE-2024-27348