The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows:
- CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to gain unauthorized access and execute arbitrary code on the server (Fixed in September 2024)
- CVE-2024-29059 (CVSS score: 7.5) – An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024)
- CVE-2018-9276 (CVSS score: 7.2) – An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018)
- CVE-2018-19410 (CVSS score: 9.8) – A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create users with read-write privileges (Fixed in April 2018)
Although these shortcomings have since been addressed by the respective vendors, there are currently no public reports about how they may have been exploited in real-world attacks.
Federal Civilian Executive Branch (FCEB) agencies have been urged to apply the necessary fixes by February 25, 2025, to safeguard against active threats.