CVE-2024-45387

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Dec 23, 2024
Updated: Feb 11, 2025
CWE ID 285
CWE ID 89

Summary

CVE-2024-45387 is an SQL injection vulnerability affecting Apache Traffic Control's Traffic Ops component, versions 8.0.0 and 8.0.1. This issue allows privileged users with roles "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL queries against the database via a maliciously crafted PUT request. Users are strongly advised to upgrade to Apache Traffic Control 8.0.2 to mitigate this risk. This vulnerability could potentially lead to data exposure, manipulation, or unauthorized access to the affected system.

Affected Products

  • Apache Traffic Control

Affected Vendors

  • Apache Software Foundation