all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache Ivy Injection Flaw Let Attackers Exfiltrate Sensitive Data

Add to bookmarks
Aug. 22, 2023, 2:31 p.m. | Eswar

GBHackers On Security gbhackers.com

A blind XPath injection vulnerability was discovered in Apache Software Foundation Apache Ivy, which allows threat actors to exfiltrate data and access sensitive information that is restricted to only the machine that runs Apache Ivy. This vulnerability exists in the parsing of XML files in versions lesser than 2.5.2 while parsing its own configuration, Maven […]


The post Apache Ivy Injection Flaw Let Attackers Exfiltrate Sensitive Data appeared first on GBHackers - Latest Cyber Security News | Hacker News.

access apache apache software foundation attackers data exfiltrate data files flaw foundation information injection injection flaw machine parsing restricted sensitive data sensitive information software threat threat actors vulnerability xml

Visit resource

More from gbhackers.com / GBHackers On Security

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites 15 hours ago | gbhackers.com
attackers bypassing captcha captchas +25
Hackers Exploit Microsoft Graph API For C&C Communications 16 hours ago | gbhackers.com
amp analysts api called +28
ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions 16 hours ago | gbhackers.com
actions activemq apache apache activemq +20
68% of Data Breach Occurs Due to Social Engineering Attacks 16 hours ago | gbhackers.com
attacks breach breaches cyber +20
U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers 20 hours ago | gbhackers.com
advanced advisory agency attack +31
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack 22 hours ago | gbhackers.com
access attack attackers attacks +24
Threat Actors Renting Out Compromised Routers To Other Criminals 22 hours ago | gbhackers.com
anonymization apt apt group botnet +27
New “Goldoon” Botnet Hijacking D-Link Routers to Use for Other Attacks 23 hours ago | gbhackers.com
april attacks botnet control +23
LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely From … 1 day, 14 hours ago | gbhackers.com
browser browser security capital cyber security +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs