History: Apr 22, 2024 - 2:15 p.m.

CVE-2024-27348

2024-04-22 14:15:07
CWE-284
apache
web.nvd.nist.gov
In Wild
apache hugegraph-server
remote command execution
cve-2024-27348
java8
java11
upgrade
auth system

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: Low

EPSS: 0.963
Percentile: 99.6%

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11.

Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

Affected configurations

Node:
apache hugegraph, Range 1.0.0 to 1.3.0
AND
  oracle jdk, Match 8
  OR oracle jdk, Match 11
  OR oracle jre, Match 8
  OR oracle jre, Match 11

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| apache | hugegraph | * | cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:* |
| oracle | jdk | 8 | cpe:2.3:a:oracle:jdk:8:*:*:*:*:*:*:* |
| oracle | jdk | 11 | cpe:2.3:a:oracle:jdk:11:*:*:*:*:*:*:* |
| oracle | jre | 8 | cpe:2.3:a:oracle:jre:8:*:*:*:*:*:*:* |
| oracle | jre | 11 | cpe:2.3:a:oracle:jre:11:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache HugeGraph-Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.3.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]
