CVE-2024-42323

Apache HertzBeat: RCE by snakeYaml deser load malicious xml

CVSS 8.8 HIGHEPSS 4.1%CWE-502

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 4.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

21 set 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Apache Software Foundation · Apache HertzBeat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t http://www.openwall.com/lists/oss-security/2024/09/21/1