
Updated CISA exploited vulnerabilities catalog adds several flaws


Five security flaws impacting Apache, Microsoft, and Oracle software have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate all of the bugs by Oct. 9, Security Affairs reports.

The most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, tracked as CVE-2024-27348, which could be leveraged to evade sandbox restrictions. Also part of the CISA advisory are a pair of critical RCEs in Oracle JDeveloper and WebLogic Server, tracked as CVE-2022-21445 and CVE-2020-14644, respectively, both of which could be exploited to allow software takeovers. In addition, threat actors could abuse a high-severity RCE flaw in Microsoft SQL Server Reporting Services, tracked as CVE-2020-0618, to achieve arbitrary code execution following exploitation of a memory corruption flaw, while a high-severity bug in the Windows Task Scheduler, tracked as CVE-2019-1069, could allow privilege escalation.
