CVE detail
CVE-2024-27348: Apache HugeGraph-Server Improper Access Control Vulnerability
Source: CISA Known Exploited Vulnerabilities catalog · back to feed
Vendor / product
Apache · HugeGraph-Server
- Date added (KEV)
- Sep 18, 2024
- CISA due date
- Oct 09, 2024
- Ransomware campaign use
- Unknown
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vendor fix: Vendor advisory
Scorifya interpretation
AI-generatedA short, structured read of the record above — generated when this page first loads, then cached for a week.
Plain English
Technical detail
From CISA
Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-27348
References
- https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9Mailing ListVendor Advisory
- https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9Mailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/04/22/3Mailing ListThird Party Advisory
- https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authenticationProduct
- http://www.openwall.com/lists/oss-security/2024/04/22/3
Other recent CVEs from Apache
- CVE-2026-34197ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability
- CVE-2024-38475HTTP Server — Apache HTTP Server Improper Escaping of Output Vulnerability
- CVE-2025-24813Tomcat — Apache Tomcat Path Equivalence Vulnerability
- CVE-2024-45195OFBiz — Apache OFBiz Forced Browsing Vulnerability
- CVE-2024-38856OFBiz — Apache OFBiz Incorrect Authorization Vulnerability
Check your domain's public posture
Scorifya doesn't test for specific CVEs, but if patching Apache changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.