CVE-2021-45232 – Apache / APISIX – Missing authentication for critical function

January 6, 2022

CVE-2021-45232 is a missing authentication for critical function vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-45232 is a missing authentication for critical function vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

GitHub commit exploit –
https://github.com/wuppp/cve-2021-45232-exp

Known Counter Measures:

Apache addressed the vulnerability in APISIX version 2.10.1.

Links to patches(if available)

https://apisix.apache.org/downloads/

You may have missed

Basta

Black Basta Ransomware Victim: bdcm[.]com

April 30, 2024
ai checkout2

Smart devices: new law helps citizens to choose secure products

April 30, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 30, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 30, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 30, 2024