PT-2024-9752 · Apache · Apache Traffic Control
Yuan Luo · Published 2024-08-28 · Updated 2025-01-10
CVE-2024-45387 · CVSS v3.1 9.9 (Critical)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Traffic Control versions 8.0.0 through 8.0.1
Description
A critical SQL injection vulnerability in Apache Traffic Control allows an authenticated user holding a privileged role such as "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially crafted PUT request. The flaw is easy to exploit and can expose sensitive data and disrupt critical services. It is estimated that over 365,000 services may be affected.
Recommendations
Update to version 8.0.2 as soon as possible to patch the vulnerability.
Audit which accounts hold the high-risk roles listed above and remove any that do not need them.
Review the database configuration for weaknesses that would widen the impact of injected SQL.
Fix · Improper Authorization · SQL injection
Affected Products
Apache Traffic Control
Suse