CVE-2024-43441

high-risk

Published 2024-12-24

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

Do I need to act?

90.2% chance of exploitation in next 30 days

EPSS score — higher than 10% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 8b90977f8d62efa34786928aad6721580dea9d51

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Hugegraph

Affected Vendors

Apache

References (2)

Mailing List https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12

Mailing List http://www.openwall.com/lists/oss-security/2024/12/24/2

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal