TheCyberThrone Security Weekly Review – January 04, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.

CVE-2024-56512 impacts Apache NiFi

CVE-2024-56512 is a security vulnerability identified in Apache NiFi, specifically affecting versions 1.10.0 through 2.0.0. This vulnerability is due to missing fine-grained authorization checks when creating new Process Groups.

Nature of the Vulnerability

When creating a new Process Group in Apache NiFi, the framework did not perform authorization checks for the following:

• Parameter Contexts: These are collections of parameters that can be referenced by NiFi components.
• Referenced Controller Services: These provide shared services like database connections that can be used by various components.
• Referenced Parameter Providers: These allow for external parameter management…..

CVE-2024-21182: Oracle WebLogic Server Flaw Exploit Code Released

CVE-2024-21182 is a high-severity vulnerability identified in Oracle WebLogic Server. This security flaw affects specific versions of the software, namely Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows remote attackers to exploit the system without requiring authentication, thereby gaining unauthorized access.

Technical Details:

The vulnerability is primarily associated with the T3 and IIOP (Internet Inter-ORB Protocol) protocols used by Oracle WebLogic Server. These protocols are responsible for enabling communication between the server and its clients. By sending specially crafted data packets through these protocols, attackers can exploit the vulnerability, leading to potential server compromise….

CVE-2024-49112 POC Code Released

The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Windows Lightweight Directory Access Protocol (LDAP) system, which is a fundamental component of Windows Servers, including Domain Controllers.

Overview

CVE-2024-49112 is classified as a critical integer overflow vulnerability. Such vulnerabilities occur when an arithmetic operation attempts to create a numeric value that is outside the range that can be represented with a given number of bits. In this case, the integer overflow happens within the LDAP service, making the servers susceptible to remote code execution (RCE)….

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387

What is CVE-2024-45387?

CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL commands against the backend database.

How Does the Exploit Work?

The exploit leverages a specially crafted PUT request that is sent to the Traffic Ops API endpoint. By manipulating the payload of this request, a privileged user can inject malicious SQL commands. These commands can then be executed by the server, potentially leading to unauthorized data access, data manipulation, or even complete database compromise…..

CVE-2024-49113: PoC Exploit Code Released

The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has now been released publicly. This vulnerability, if exploited, can lead to the crashing and rebooting of unpatched Windows Servers, including critical components like Active Directory Domain Controllers (DCs)…..

This brings the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, Instagram