The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows:
- CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows remote attackers to gain unauthorized access and execute arbitrary code on the server (fixed in September 2024)
- CVE-2024-29059 (CVSS score: 7.5) – An information disclosure vulnerability in Microsoft .NET (fixed in March 2024)
- CVE-2018-9276 (CVSS score: 7.2) – An operating system vulnerability in the network monitor (fixed in April 2018)
- CVE-2018-19410 (CVSS score: 9.8) – A local file inclusion vulnerability in the network monitor (fixed in April 2018)
Although these flaws have since been fixed by the respective vendors, there are currently no public reports on how they could be used in real-world attacks.
Federal Civilian Executive Branch (FCEB) agencies are urged to apply the necessary fixes by February 25, 2025, to protect against active threats.