Connect with us

Hi, what are you looking for?



Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. 

A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can lead to unauthorized access and data breaches, cybersecurity firm Cyfirma warns.

An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data.

Tracked as CVE-2023-34468 (CVSS score of 8.8) and addressed in June 2023, the issue can be exploited by authenticated users to “configure a database URL with the H2 driver that enables custom code execution”.

The issue exists because certain NiFi services support configurable access to databases using JDBC and because any string could be introduced when setting properties such as the connection URL.

This essentially allows an attacker to craft connection strings for H2 – an embedded Java-based database typically used in Apache NiFi – to execute code remotely on vulnerable NiFi instances and gain unauthorized access to systems and data.

“The impact of this vulnerability is severe, as it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely,” Cyfirma notes in an analysis of the bug and its exploitation.

The bug impacts NiFi versions 0.0.2 through 1.21.0 and was addressed with the release of NiFi version 1.22.0, which “disables H2 JDBC URLs in the default configuration”.

As of August 30, a public exploit exists for this vulnerability, but no malicious exploitation of the flaw has been observed to date, Cyfirma notes.

Advertisement. Scroll to continue reading.

However, considering the severity and impact of the bug, and the fact that vulnerabilities in similar software products are known to have been exploited in malicious attacks, organizations are advised to update their NiFi instances and remain vigilant of potential exploitation attempts.

“It is important to acknowledge that threat actors may attempt to exploit CVE-2023-34468 in Apache NiFi. This could lead to unauthorized access, data breaches, or network compromise. Organizations should take this risk seriously and apply patches or updates to secure their systems,” Cyfirma notes.

In fact, Cyfirma notes that it has observed cyber actors “actively discussing or exploiting CVE-2023-34468” on the dark web and that the attack complexity level for this bug is low.

The cybersecurity firm has identified roughly 2,700 Apache NiFi instances exposed to the internet, belonging to organizations in various sectors, including finance, government, healthcare, telecommunications, and others.

Related: Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery

Related: OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers

Related: Organizations Warned of Security Risk in Default Apache Superset Configurations

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.