
CVE-2024-43441 – Apache HugeGraph-Server: Fixed JWT Token(Secret)
https://notcve.org/view.php?id=CVE-2024-43441
24 Dec 2024 — Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue. • https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12 • CWE-302: Authentication Bypass by Assumed-Immutable Data

CVE-2024-27349 – Apache HugeGraph-Server: Bypass whitelist in Auth mode
https://notcve.org/view.php?id=CVE-2024-27349
22 Apr 2024 — Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/04/22/4 • CWE-290: Authentication Bypass by Spoofing

CVE-2024-27348 – Apache HugeGraph-Server Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-27348
22 Apr 2024 — RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. • https://packetstorm.news/files/id/178986 • CWE-284: Improper Access Control