CISA Warns of Actively Exploited Apache, Microsoft, and Oracle Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal agencies and organizations worldwide: five security vulnerabilities, added to its Known Exploited Vulnerabilities (KEV) catalog on September 18, 2024, are being actively exploited by malicious actors. Not all of them are new; two date from 2019 and 2020 and have had patches available for years. The flaws span a range of widely deployed software and pose a significant risk to any instance that remains unpatched.
Apache HugeGraph-Server Under Siege
Among the most concerning is CVE-2024-27348, a remote code execution (RCE) vulnerability in Apache HugeGraph-Server, affecting versions 1.0.0 up to but not including 1.3.0. The flaw, rated with a critical CVSS score of 9.8, lets an attacker bypass the server's sandbox restrictions on Gremlin scripts and execute arbitrary commands on the host, without authentication where the optional authentication system has not been enabled. The situation is exacerbated by the public availability of a proof-of-concept exploit, which lowers the bar for threat actors to launch attacks. Apache's advisory calls for upgrading to 1.3.0, running it on Java 11, and enabling the Auth system; exposing the Gremlin endpoint to untrusted networks should be avoided regardless of version.
Microsoft and Oracle Products Also Targeted
Microsoft products are also in the crosshairs. CVE-2020-0618, an RCE vulnerability in Microsoft SQL Server Reporting Services triggered by deserialization of untrusted page data, and CVE-2019-1069, a privilege escalation flaw in the Microsoft Windows Task Scheduler, are both being actively exploited. Both were fixed in their respective Patch Tuesday releases years ago, so continued exploitation points to systems that were never updated.
Oracle users are not immune either. CVE-2022-21445 and CVE-2020-14644, critical RCE vulnerabilities affecting Oracle JDeveloper (via the ADF Faces component) and Oracle WebLogic Server respectively, have also been added to the KEV catalog. Both carry a CVSS score of 9.8 and are exploitable over the network without authentication.
The Urgency of Patching
The active exploitation of these vulnerabilities underscores the critical importance of timely patching. Under Binding Operational Directive 22-01, CISA has mandated that federal civilian agencies remediate these flaws by October 9, 2024, three weeks after their addition to the catalog. All other organizations are strongly urged to apply the necessary updates as soon as possible, prioritizing internet-facing instances, and, for the older CVEs, to treat any still-unpatched system as potentially already compromised and review it for signs of intrusion rather than simply patching in place.
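The practical step behind this warning is matching the KEV catalog's due dates against your own asset inventory. The following script is an added example, not code from CISA or from the article: it parses a document in the shape of CISA's KEV JSON feed, joins it against a scanner-style inventory of CVEs per host, and reports days remaining until each due date. The feed excerpt and the inventory are constructed for the example (the five CVE entries mirror the article's list but their text is abbreviated, not copied from the live catalog), and the `triage` function name and the inventory format are assumptions of this example.

```python
import json
from datetime import datetime

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed; values are abbreviated for the example.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.09.18",
    "vulnerabilities": [
        {"cveID": "CVE-2024-27348", "vendorProject": "Apache", "product": "HugeGraph-Server",
         "vulnerabilityName": "Apache HugeGraph-Server Improper Access Control Vulnerability",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2020-0618", "vendorProject": "Microsoft", "product": "SQL Server",
         "vulnerabilityName": "Microsoft SQL Server Reporting Services Deserialization Vulnerability",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2019-1069", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2022-21445", "vendorProject": "Oracle", "product": "JDeveloper",
         "vulnerabilityName": "Oracle JDeveloper Deserialization Vulnerability",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2020-14644", "vendorProject": "Oracle", "product": "WebLogic Server",
         "vulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability",
         "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
    ],
})

# Constructed inventory: CVE -> hosts where a scanner reported it. Hypothetical hostnames.
SAMPLE_INVENTORY = {
    "CVE-2024-27348": ["graph-db-02", "graph-db-01"],
    "CVE-2020-0618": ["ssrs-prod"],
    "CVE-2019-1069": ["jump-host-1"],
}


def parse_kev(raw_json: str) -> dict:
    """Index a KEV-format document by cveID for O(1) lookup."""
    return {entry["cveID"]: entry for entry in json.loads(raw_json)["vulnerabilities"]}


def triage(raw_kev_json: str, inventory: dict, today_iso: str) -> list:
    """Join inventory CVEs against the KEV catalog and compute the remediation clock.

    Returns one row per inventory CVE that is in the catalog, sorted so the most
    overdue entries come first; inventory CVEs absent from the catalog are dropped.
    """
    kev = parse_kev(raw_kev_json)
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    rows = []
    for cve, hosts in inventory.items():
        entry = kev.get(cve)
        if entry is None:
            continue  # not a KEV entry: still worth patching, but outside this report
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        days_left = (due - today).days
        rows.append({
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "hosts": sorted(hosts),
            "due": entry["dueDate"],
            "days_left": days_left,
            "status": "overdue" if days_left < 0 else "due",
        })
    rows.sort(key=lambda r: (r["days_left"], r["cve"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2024-10-01"):
        print(f'{row["cve"]:16} {row["product"]:28} due {row["due"]} '
              f'({row["days_left"]:+d}d, {row["status"]}) on {", ".join(row["hosts"])}')
```

Against the live feed the only change needed is to replace `SAMPLE_KEV_JSON` with the downloaded catalog text; the two Oracle CVEs are in the sample catalog but not in the sample inventory, so they are correctly left out of the report.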