Security News > 2024 > December > Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
2024-12-25 13:30

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection


News URL

https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-12-23 CVE-2024-45387 SQL Injection vulnerability in Apache Traffic Control 8.0.0/8.0.1
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.
network
low complexity
apache CWE-89
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 283 13 567 725 381 1686