CVE-2024-36265: CWE-863 Incorrect Authorization in Apache Software Foundation Apache Submarine Server Core
CVE-2024-36265 is a critical incorrect authorization vulnerability in Apache Submarine Server Core version 0.8.0. An attacker can bypass authentication by sending specially crafted REST requests. The project is retired and no fix will be released. Users should restrict access to trusted users or find alternatives.
AI Analysis
Technical Summary
CVE-2024-36265 affects Apache Submarine Server Core version 0.8.0 and allows an attacker to bypass authentication via specially crafted REST requests, resulting in incorrect authorization (CWE-863). The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical impact on confidentiality, integrity, and availability. Since the project is retired, no patch or official fix will be provided. Users are advised to restrict access to trusted users or migrate to alternative solutions.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication controls, potentially gaining full unauthorized access to the affected Apache Submarine Server Core instance. This compromises confidentiality, integrity, and availability of the system. Because the product is no longer supported, the vulnerability remains unpatched.
Mitigation Recommendations
No official fix or patch is available because the Apache Submarine Server Core project is retired. Users should restrict access to the affected instance to trusted users only or migrate to alternative supported solutions to mitigate risk.
CVE-2024-36265: CWE-863 Incorrect Authorization in Apache Software Foundation Apache Submarine Server Core
Description
CVE-2024-36265 is a critical incorrect authorization vulnerability in Apache Submarine Server Core version 0.8.0. An attacker can bypass authentication by sending specially crafted REST requests. The project is retired and no fix will be released. Users should restrict access to trusted users or find alternatives.
CVSS v3.1
Score 9.8critical
Affected software
pkg:maven/Apache Software Foundation/org.apache.submarine:submarine-server-coreRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-36265 affects Apache Submarine Server Core version 0.8.0 and allows an attacker to bypass authentication via specially crafted REST requests, resulting in incorrect authorization (CWE-863). The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical impact on confidentiality, integrity, and availability. Since the project is retired, no patch or official fix will be provided. Users are advised to restrict access to trusted users or migrate to alternative solutions.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication controls, potentially gaining full unauthorized access to the affected Apache Submarine Server Core instance. This compromises confidentiality, integrity, and availability of the system. Because the product is no longer supported, the vulnerability remains unpatched.
Mitigation Recommendations
No official fix or patch is available because the Apache Submarine Server Core project is retired. Users should restrict access to the affected instance to trusted users only or migrate to alternative supported solutions to mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2024-05-22T10:11:18.013Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a56106268715ace43515fff
Added to database: 07/14/2026, 10:33:06 UTC
Last enriched: 07/14/2026, 10:47:28 UTC
Last updated: 07/14/2026, 10:51:19 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.