Active Exploitation of Apache RocketMQ updateConfig Command Execution Vulnerability (CVE-2023-33246)
July 6, 2023, 4:52 p.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report | fortiguard.fortinet.com
Apache RocketMQ is an open-source distributed messaging middleware developed by Alibaba and later donated to Apache.
What is the Attack?
CVE-2023-33246 is a command injection vulnerability that affects Apache RocketMQ versions 5.1 and lower. Successful exploitation of the vulnerability allows a remote attacker to execute commands as the system user under which RocketMQ is running by using the update configuration function.
Why is this Significant?
This is significant because CVE-2023-33246 is reportedly being …