CVE-2024-36265 – Apache Submarine Server Core: authorization bypass
https://notcve.org/view.php?id=CVE-2024-36265
Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vulnerabilidad de autorización incorrecta en Apache Submarine Server Core. Este problema afecta a Apache Submarine Server Core: desde 0.8.0. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. • http://www.openwall.com/lists/oss-security/2024/06/12/3 https://lists.apache.org/thread/prckhhst19qxof064hsm8cccxtofvflz • CWE-863: Incorrect Authorization •
CVE-2024-36263 – Apache Submarine Server Core: SQL injection
https://notcve.org/view.php?id=CVE-2024-36263
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("inyección SQL") en Apache Submarine Server Core. Este problema afecta a Apache Submarine Server Core: todas las versiones. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. • http://www.openwall.com/lists/oss-security/2024/06/12/1 https://github.com/apache/submarine/pull/1121 https://lists.apache.org/thread/8q9kbdg9gk9kpz5p8x6t7q8709l3vrmt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •