Apache Submarine Server Core: authorization bypass
CVE-2024-36265

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Submarine Server Core
Vendor: CVE Published:; 12 June 2024

Summary

An incorrect authorization vulnerability has been identified in Apache Submarine Server Core, affecting version 0.8.0 and later. As this project has been retired, no further support or patches will be provided to address this issue. Users operating this product are strongly advised to seek alternative solutions or implement stringent access restrictions to safeguard their instances. The lack of ongoing support emphasizes the importance of migrating to a maintained product to ensure continued protection against security threats.

Affected Version(s)

Apache Submarine Server Core 0.8.0

References

https://lists.apache.org/thread/prckhhst19qxof064hsm8cccx...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/06/12/3

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2024

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y