Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can lead to unauthorized access and data breaches, cybersecurity firm Cyfirma warns. An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data. Tracked as CVE-2023-34468 (CVSS score of 8.8) and addressed in June 2023, the issue can be exploited by authenticated users to “configure a database URL with the H2 driver that enables custom code execution”. The issue exists because certain NiFi services support configurable access to databases using JDBC and because any string could be introduced when setting properties such as the connection URL. This essentially allows an attacker to craft connection strings for H2 – an embedded Java-based database typically used in Apache NiFi – to execute code remotely on vulnerable NiFi instances and gain unauthorized access to systems and data.