Apache HugeGraph-Server RCE Vulnerability Under Active Attack
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server, tracked as CVE-2024-27348. The vulnerability affects versions 1.0.0 up to, but not including, 1.3.0 of the popular open-source graph database.
The flaw, which carries a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary operating system commands on vulnerable servers by exploiting missing reflection filtering in the SecurityManager. HugeGraph exposes a Gremlin query endpoint; because the SecurityManager did not filter reflection calls, a crafted Gremlin script submitted to that endpoint could escape the intended sandbox and reach the JVM's process-execution APIs.
This gives attackers full control over affected systems, potentially enabling data theft, lateral movement within the network, ransomware deployment, and other malicious activity.
The Shadowserver Foundation has reported observing exploitation attempts for CVE-2024-27348 from multiple sources, specifically targeting the "/gremlin" endpoint with POST requests.
The situation has become more pressing since early June, when proof-of-concept (PoC) exploit code was publicly released on GitHub, making it easier for malicious actors to identify and compromise vulnerable systems.
To mitigate this critical security risk, users of Apache HugeGraph-Server are strongly advised to take the following actions immediately:
- Upgrade to version 1.3.0 or later, which includes the patch for this vulnerability.
- Run the server on Java 11, the runtime the project recommends for the patched release.
- Enable the authentication system to enforce access control on the REST API.
- Use the "Whitelist-IP/port" function to restrict RESTful-API execution to trusted sources.
Given the severity of the vulnerability and the ongoing exploitation attempts, organizations running Apache HugeGraph-Server should prioritize these measures to protect their systems and data from compromise. Note that only the upgrade removes the flaw; authentication and IP whitelisting reduce the exposure of the "/gremlin" endpoint on an unpatched server but do not fix the underlying sandbox bypass.
The specific versions of Apache HugeGraph-Server affected by CVE-2024-27348 are:
- Apache HugeGraph-Server versions 1.0.0 to 1.2.1
That is, every release from the initial 1.0.0 up to, but not including, version 1.3.0 is affected, on both Java 8 and Java 11.
Version 1.3.0 and later are not vulnerable, as that release includes the patch that fixes the remote code execution flaw.
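The two checks a defender needs from the text above are whether a given server build falls in the affected range and whether access logs show the POST-to-"/gremlin" pattern Shadowserver reported. The following Python is an added example, not code from the article or from the HugeGraph project. It assumes the front-end web server writes logs in the common "combined" format and that the operator knows which client IPs are allowed to run Gremlin queries; the log lines in the block are constructed for the example.

```python
"""Triage helpers for CVE-2024-27348 (Apache HugeGraph-Server).

Added example, not part of the article or the HugeGraph project.
1. is_affected(): decide whether a reported version lies in 1.0.0 <= v < 1.3.0.
2. suspicious_gremlin_posts(): scan access-log lines for POST requests to the
   /gremlin endpoint coming from IPs that are not on a trusted list.
Assumptions: "combined" log format; the trusted-IP set is supplied by the operator.
"""
import re
from collections import Counter

AFFECTED_MIN = (1, 0, 0)   # first affected release
FIXED = (1, 3, 0)          # first patched release


def parse_version(v: str) -> tuple:
    """Turn '1.2.0', 'v1.3.0-rc1' or '1.2' into a comparable tuple of ints."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_affected(version: str) -> bool:
    """True for every release from 1.0.0 up to, but not including, 1.3.0."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def suspicious_gremlin_posts(lines, trusted_ips):
    """Return (ip, timestamp, path, status) for each POST to /gremlin from an untrusted IP.

    Lines that do not parse are skipped rather than raising, so a partially
    corrupted log file still yields results.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]          # ignore query strings
        is_gremlin = path == "/gremlin" or path.startswith("/gremlin/")
        if m["method"] == "POST" and is_gremlin and m["ip"] not in trusted_ips:
            hits.append((m["ip"], m["ts"], path, int(m["status"])))
    return hits


def sources_by_count(hits):
    """Count untrusted sources so the noisiest one can be triaged first."""
    return Counter(h[0] for h in hits)


# Constructed sample log; RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2024:10:01:02 +0000] "POST /gremlin HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.9 - - [18/Jun/2024:10:01:05 +0000] "POST /gremlin HTTP/1.1" 500 0 "-" "curl/8.4.0"',
    '192.0.2.10 - - [18/Jun/2024:10:02:00 +0000] "POST /gremlin HTTP/1.1" 200 128 "-" "hugegraph-client/1.2"',
    '203.0.113.7 - - [18/Jun/2024:10:02:30 +0000] "GET /graphs HTTP/1.1" 200 256 "-" "python-requests/2.31"',
    '203.0.113.7 - - [18/Jun/2024:10:03:00 +0000] "POST /gremlin?x=1 HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    'this line is not in combined log format',
]
TRUSTED = {"192.0.2.10"}   # assumed: the operator's own Gremlin client host


if __name__ == "__main__":
    for v in ("1.0.0", "1.2.1", "1.3.0", "v1.5.0"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    hits = suspicious_gremlin_posts(SAMPLE_LOG, TRUSTED)
    for h in hits:
        print("untrusted POST /gremlin:", h)
    print("by source:", dict(sources_by_count(hits)))
```

A non-2xx status on a flagged request is not a reason to dismiss it: a failed exploitation attempt against a patched server still identifies a source that is scanning for this bug, which is exactly the activity Shadowserver described.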
Source credit: cybersecuritynews.com