Cequence Security reports critical flaw in AppDynamics
Take action: If you are running Cisco AppDynamics, reach out to the vendor for all relevant patches and plan an update of your AppDynamics infrastructure.
Cequence Security reports a critical vulnerability in AppDynamics, exposing the IT infrastructure of a large food and drug retailer.
This vulnerability, discovered on May 9, 2024, exposed sensitive data through four subdomains that inadvertently revealed an actuator endpoint. The exposure carried a CVSS score of 9.8, underscoring its high severity, but no CVE identifier has been disclosed. The vulnerability has since been patched with support from Cequence’s security team.
AppDynamics, owned by Cisco, is an Application Performance Management (APM) and IT operations analytics platform designed to monitor and optimize the performance of applications across cloud and on-premises environments.
The issue centered on the retailer’s access to AppDynamics, an observability platform used for application performance monitoring. By accessing the exposed actuator endpoint, unauthorized parties could retrieve root passwords and administrative credentials from heap dumps, which provide snapshots of active system objects. This access could lead to significant exploitation opportunities.
Malicious actors could then add or remove employee login access, modify permissions, and control other administrative functions within AppDynamics. Attackers could also track traffic across all applications, gaining insights into online orders, in-store transactions, and customer activity, and could view or export sensitive data, potentially leading to breaches.
The retailer is not disclosed, but users of AppDynamics should review their systems and apply all relevant patches.
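A defender-side check for the exposure described above, added here as an example (not code from Cequence, Cisco or the retailer): it scans web access logs for requests to heap-dump-style actuator endpoints and separates answered requests from blocked probes. It assumes a Spring Boot Actuator-style `/actuator/<endpoint>` path layout and combined-format access logs, neither of which the report specifies; the sample log lines are constructed.

```python
import re

# Constructed sample access-log lines (combined log format), not taken from the incident.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:01:12 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "curl/8.4.0"
203.0.113.7 - - [01/Jan/2025:10:01:15 +0000] "GET /actuator/heapdump HTTP/1.1" 200 48234496 "-" "curl/8.4.0"
198.51.100.23 - - [01/Jan/2025:10:05:40 +0000] "GET /actuator/env HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2025:10:06:02 +0000] "GET /api/orders?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2025:10:09:31 +0000] "GET /manage/actuator/heapdump?x=1 HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: Spring Boot Actuator endpoint ids that can disclose secrets or memory.
SENSITIVE = {"heapdump", "env", "threaddump", "configprops"}


def actuator_hits(log_text):
    """Return (severity, ip, endpoint, status, size) for sensitive actuator requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Drop the query string and normalise before inspecting path segments.
        segs = m["path"].split("?", 1)[0].rstrip("/").lower().split("/")
        if "actuator" not in segs:
            continue
        i = segs.index("actuator")
        endpoint = segs[i + 1] if i + 1 < len(segs) else ""
        if endpoint not in SENSITIVE:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 2xx answer means the endpoint served data; 401/403 means access
        # control stopped the request, which is still worth reviewing as a probe.
        severity = "EXPOSED" if 200 <= status < 300 else "probe"
        findings.append((severity, m["ip"], endpoint, status, size))
    return findings


if __name__ == "__main__":
    for finding in actuator_hits(SAMPLE_LOG):
        print(*finding)
```

Any `EXPOSED` finding means the credentials held in that process's memory should be treated as disclosed and rotated.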