CISA adds four actively exploited vulnerabilities to the KEV catalog and urges fixes by February 25.

Feb 05, 2025 | Ravie Lakshmanan | Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities (KEV) list on Tuesday, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows:

  • (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to execute arbitrary code on the server (Fixed in September 2024)
  • (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in )
  • (CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that enables an attacker to execute commands via the PRTG System Administrator web console (Fixed in )
  • (CVSS score: 9.8) - A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create users with read-write privileges (Fixed in )

Although the vendors have addressed these flaws, there are currently no reports of how they may have been exploited in real-world attacks.

Federal Civilian Executive Branch (FCEB) organizations are being urged to apply the necessary fixes by February 25th, 2025 to protect against active threats.
