One Article Review

The article:
Source Cyble
Identifier 8647026
Publication date 2025-02-05 12:25:39 (seen: 2025-02-05 13:08:15)
Title CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required
Text CISA Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely used software products, have been actively exploited by cyber attackers.

With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors. The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems.

Detailed List of Vulnerabilities Highlighted in the Known Exploited Vulnerabilities Catalog

CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability

The first of the vulnerabilities, CVE-2024-45195, relates to a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is a forced browsing issue, where attackers can gain unauthorized access to certain parts of a website by bypassing security restrictions through direct URL requests. The flaw was discovered in Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat.

The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges.

CVE-2024-29059: Microsoft .NET Framework Info
Rating ★★★
Sent Yes
Tags Tool Vulnerability Threat Patching
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.