CVE-2024-36265
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine
CVSS
9.8
Critical
EPSS
0.7%
p50
KEV
—
Exploit Today
15
0-100
Published: Jun 12, 2024 · Last modified: Jul 14, 2026 · CWE-863
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. An attacker can bypass authentication by sending specially crafted REST requests. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.