Saturday, February 8, 2025
HomeApacheCISA Adds Actively Exploited Apache and Microsoft Vulnerabilities to its Database

CISA Adds Actively Exploited Apache and Microsoft Vulnerabilities to its Database

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with several critical security flaws, prompting heightened vigilance among organizations using affected software platforms.

Among these newly added vulnerabilities are severe flaws in Apache OFBiz, Microsoft .NET Framework, and Paessler PRTG Network Monitor.

These vulnerabilities, if exploited, could enable attackers to gain unauthorized access, execute malicious commands, or expose sensitive information, posing significant security risks.

Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195)

CVE-2024-45195 highlights a forced browsing issue in Apache OFBiz, an open-source enterprise resource planning (ERP) system.

The vulnerability, identified under CWE-425 (Direct Request), allows remote attackers to bypass authentication protocols and access restricted resources without authorization.

While there is no evidence yet of this flaw being weaponized in ransomware attacks, CISA has recommended immediate action.

Organizations are urged to implement the mitigations provided by Apache or consider discontinuing the use of the product if no patch is available.

The deadline for remediation is February 25, 2025, to mitigate potential risks.

Microsoft .NET Framework Information Disclosure Flaw (CVE-2024-29059)

The Microsoft .NET Framework has also come under scrutiny for an information disclosure vulnerability, tracked as CVE-2024-29059.

This flaw occurs due to improper handling of sensitive information, specifically exposing the ObjRef URI to attackers.

Exploitation of this vulnerability could ultimately lead to remote code execution.

Classified under CWE-209 (Information Exposure Through an Error Message), the vulnerability could potentially allow attackers to target software relying on the .NET Framework.

Similar to the Apache vulnerability, there is no confirmation of active exploitation in ransomware campaigns.

Microsoft has advised applying vendor-recommended mitigations or ceasing the use of affected versions until a comprehensive fix is available.

CISA has also included two older vulnerabilities in Paessler’s PRTG Network Monitor—CVE-2018-9276 and CVE-2018-19410.

The first, an OS Command Injection flaw (CWE-78), allows attackers with administrative privileges to execute arbitrary commands via the system administrator web interface.

The second vulnerability, a Local File Inclusion issue (CWE-98), could enable unauthenticated attackers to gain remote access with administrator-level privileges by exploiting improperly handled file paths.

Despite their age, these flaws remain a critical concern due to their inherent risk to enterprise network environments, especially if unpatched.

Though none of these vulnerabilities have been definitively linked to ransomware campaigns, CISA’s inclusion of these flaws in its catalog underscores their potential exploitation by threat actors.

Organizations using affected software must proactively address these vulnerabilities by adhering to vendor-provided mitigations or discontinuing the use of unpatched systems.

The deadline for remediation, set for February 25, 2025, reflects the urgency of addressing these security risks to avert potential breaches.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...