CISA Adds Critical RocketMQ Bug to Must-Patch List

All federal civilian agencies are required by US law to correct a serious Apache RocketMQ flaw that is currently being used in the field. In its list of known exploited vulnerabilities, the US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-33246. It implies that private businesses are urged to do the same, but government organizations have until September 27 to install a vendor patch to compromised systems.

Versions 5.1.0 and earlier of the well-known distributed messaging and streaming platform are affected by the problem. It received a CVSS score of 9.8. NameServer, Broker, and Controller are just a few of the RocketMQ components that lack permission verification and are exposed on the extranet. This flaw can be used by an attacker to execute commands as the system by exploiting the update configuration function.

CISA Adds Critical RocketMQ Bug to Must-Patch List

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

CISA Adds Critical RocketMQ Bug to Must-Patch List

08-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address