The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities list on Tuesday, citing evidence of active exploitation in the wild.
The list of flaws is as follows:
- CVE-2024-45195 (CVSS score: 7.5/9.8) - A vulnerability in Apache OFBiz that allows a remote attacker to execute arbitrary code on the server
- (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in )
- (CVSS score: 7.2) - An operating system command injection vulnerability in the Paessler PRTG Network Monitor that enables a hacker with administrative rights to execute commands from the PRTG System Administrator web console (Fixed in )
- (CVSS score: 9.8) - A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create users with read-write privileges (Fixed in )
Although the individual vendors have since addressed these issues, there are currently no public reports regarding how they might have been used in real-world attacks.
Federal Civilian Executive Branch (FCEB) organizations are urged to implement the necessary fixes by February 25th, 2025, to protect against potential active threats.