The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five critical vulnerabilities that are being actively exploited in the wild.
Organizations using affected products are urged to apply vendor-provided mitigations or discontinue use if no solutions are available.
The vulnerabilities affect several major software platforms and pose significant data security and system integrity risks.
CVE-2024-27348 – Apache HugeGraph-Server Vulnerability
CVE-2024-27348 highlights a critical improper access control vulnerability in Apache HugeGraph-Server. This flaw allows remote attackers to execute arbitrary code, potentially leading to unauthorized access and control over affected systems.
While it remains unclear if this vulnerability has been used in ransomware campaigns, CISA advises immediate action to mitigate risks.
CVE-2020-0618 – Microsoft SQL Server Reporting Services Vulnerability
Identified as CVE-2020-0618, this vulnerability affects Microsoft SQL Server Reporting Services.
It involves a deserialization flaw that authenticated attackers can exploit to execute code with the privileges of the Report Server service account. Organizations using this service should prioritize applying patches or discontinue use if no patch is available.
CVE-2019-1069 – Microsoft Windows Task Scheduler Vulnerability
CVE-2019-1069 concerns a privilege escalation vulnerability in the Microsoft Windows Task Scheduler. By exploiting the SetJobFileSecurityByName() function, attackers can gain SYSTEM privileges.
Though its use in ransomware attacks is unknown, the potential impact makes it imperative for users to implement recommended mitigations promptly.
CVE-2022-21445 – Oracle JDeveloper Vulnerability
Oracle JDeveloper, part of the Fusion Middleware suite, is affected by CVE-2022-21445.
This remote code execution vulnerability arises from a deserialization issue in the ADF Faces component, allowing unauthenticated attackers to execute arbitrary code remotely.
Users are advised to follow Oracle’s guidance on mitigation measures.
CVE-2020-14644 – Oracle WebLogic Server Vulnerability
CVE-2020-14644 affects Oracle WebLogic Server, another component of the Fusion Middleware suite.
Unauthenticated attackers with network access via T3 or IIOP protocols can exploit this deserialization vulnerability, enabling remote code execution.
Organizations should urgently address this vulnerability by applying patches or considering alternative solutions.
CISA’s alert underscores the critical nature of these vulnerabilities and the need for immediate action.
The agency has set October 9, 2024, as the due date for organizations to apply necessary mitigations or discontinue the use of vulnerable products.
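The due date is the field a defender tracks when working a KEV alert. The following added example (not from the article or from CISA) triages a constructed asset inventory against constructed KEV records; the record field names (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse) follow CISA's public KEV JSON feed, while the asset names, the inventory and the per-CVE values are assumptions built from this alert.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names match the real feed;
# the values are a constructed subset covering the five CVEs in this alert, not a download.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-27348", "vendorProject": "Apache", "product": "HugeGraph-Server",
     "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2020-0618", "vendorProject": "Microsoft",
     "product": "SQL Server Reporting Services",
     "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2019-1069", "vendorProject": "Microsoft", "product": "Windows Task Scheduler",
     "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2022-21445", "vendorProject": "Oracle", "product": "JDeveloper",
     "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2020-14644", "vendorProject": "Oracle", "product": "WebLogic Server",
     "dueDate": "2024-10-09", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory: CVEs a scanner reported per host (hypothetical host names).
# "CVE-2021-99999" is a placeholder that is deliberately NOT in the KEV sample.
SAMPLE_INVENTORY = {
    "graphdb-01": ["CVE-2024-27348"],
    "reports-02": ["CVE-2020-0618", "CVE-2021-99999"],
    "wls-prod-03": ["CVE-2020-14644"],
}

def kev_index(kev_json):
    """Map cveID -> KEV record so inventory lookups are O(1)."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}

def triage(inventory, kev_json, today_iso):
    """Return KEV-listed findings per asset, most urgent (overdue / soonest due) first.

    CVEs not in the catalog are skipped: they fall under normal patch cadence, not this alert."""
    kev, today, findings = kev_index(kev_json), date.fromisoformat(today_iso), []
    for asset, cves in inventory.items():
        for cve in cves:
            rec = kev.get(cve)
            if rec is None:
                continue
            due = date.fromisoformat(rec["dueDate"])
            findings.append({"asset": asset, "cve": cve,
                             "product": f'{rec["vendorProject"]} {rec["product"]}',
                             "due": rec["dueDate"], "days_left": (due - today).days,
                             "overdue": today > due,
                             "ransomware_use": rec["knownRansomwareCampaignUse"]})
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, SAMPLE_KEV_JSON, "2024-09-30"):
        print(finding)
```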