The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the continued threat that these security gaps pose to organizations worldwide. These vulnerabilities have been flagged due to active exploitation, making them critical targets for cybercriminals seeking to infiltrate and damage federal and private-sector systems alike.
The vulnerabilities are identified as CVE-2024-27348 (Apache HugeGraph-Server Improper Access Control Vulnerability), CVE-2020-0618 (Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability), CVE-2019-1069 (Microsoft Windows Task Scheduler Privilege Escalation Vulnerability), CVE-2022-21445 (Oracle JDeveloper Remote Code Execution Vulnerability), and CVE-2020-14644 (Oracle WebLogic Server Remote Code Execution Vulnerability).
All five present significant risks and are actively being targeted by malicious actors, according to CISA’s evidence of exploitation.
CISA’s Known Exploited Vulnerabilities Catalog, which is updated regularly, highlights Common Vulnerabilities and Exposures (CVEs) that pose an immediate risk to organizations and their IT infrastructure. Each newly identified vulnerability, if left unaddressed, could lead to severe consequences such as unauthorized access, privilege escalation, and even remote code execution, potentially crippling networks, leaking sensitive information, or causing widespread operational disruptions.
Breaking Down New Vulnerabilities
1. CVE-2024-27348: Apache HugeGraph-Server Improper Access Control Vulnerability
Apache HugeGraph-Server, a graph database management system, suffers from an improper access control vulnerability that could allow remote attackers to execute arbitrary code on an affected server. The flaw stems from insufficient restrictions on access control mechanisms, opening a path for attackers to exploit the system remotely.
Action Required: Organizations using Apache HugeGraph-Server should immediately apply the vendor-provided mitigations to patch this vulnerability. If no patch is available, discontinuing the use of this product is advised to avoid potential compromise.
2. CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
This vulnerability affects Microsoft SQL Server Reporting Services, where a deserialization flaw allows an authenticated attacker to execute arbitrary code on the server. By improperly handling page requests, the service becomes vulnerable to remote code execution, placing the server’s data and functionality at risk.
Action Required: Microsoft has issued guidance on how to mitigate this vulnerability. Organizations must promptly apply these mitigations to secure their systems. If mitigation isn’t feasible, discontinuing use is the recommended course of action to protect the network from exploitation.
3. CVE-2019-1069: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Microsoft Windows Task Scheduler, a core system utility, contains a flaw in the SetJobFileSecurityByName() function, which could enable a local, authenticated attacker to gain elevated SYSTEM privileges. This elevation could provide the attacker with full control over the affected system, allowing for far-reaching malicious activities.
Action Required: Organizations should implement Microsoft’s recommended patches or security updates. Failure to address this issue could leave the system open to severe privilege escalation, allowing attackers to execute commands with SYSTEM-level privileges.
4. CVE-2022-21445: Oracle JDeveloper Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Oracle JDeveloper, a popular development tool within Oracle’s Fusion Middleware suite. The vulnerability lies within the ADF Faces component, which suffers from deserialization flaws. These weaknesses can be exploited remotely, potentially allowing attackers to execute malicious code without the need for authentication.
Action Required: Oracle users should follow the recommended steps provided in Oracle’s advisory to mitigate this vulnerability. If mitigations are unavailable or ineffective, organizations should consider discontinuing the use of Oracle JDeveloper to prevent remote exploitation.
5. CVE-2020-14644: Oracle WebLogic Server Remote Code Execution Vulnerability
Another critical vulnerability identified in Oracle’s Fusion Middleware suite affects the WebLogic Server. This remote code execution vulnerability allows attackers to exploit deserialization weaknesses, enabling unauthenticated remote access via T3 or IIOP protocols. This can lead to the compromise of the entire server.
Action Required: Oracle has issued a patch for this vulnerability. Immediate application of this patch is essential for ensuring system security. As with the other vulnerabilities, if no patch or workaround is available, discontinuing the use of the product is strongly recommended to avoid an attack.
A Call to Action for Federal Agencies and Beyond
The addition of these vulnerabilities to the Known Exploited Vulnerabilities Catalog comes under CISA’s Binding Operational Directive (BOD) 22-01, which mandates that Federal Civilian Executive Branch (FCEB) agencies address and remediate these vulnerabilities by a set due date. This is part of an ongoing effort to protect federal networks from active cyber threats.
Although BOD 22-01 specifically applies to FCEB agencies, CISA urges all organizations—both public and private—to adopt the same level of diligence. With the increasing sophistication of cyberattacks, organizations cannot afford to leave these vulnerabilities unpatched. Implementing timely remediation and incorporating vulnerability management practices are vital steps to protecting networks from exploitation.
Understanding the Broader Impact of These Vulnerabilities
Vulnerabilities like the ones listed above are often the most popular entry points for cybercriminals. Whether it’s through improper access controls, privilege escalation, or remote code execution, these security flaws present significant risks to any organization handling sensitive data or operating complex systems.
If exploited, such vulnerabilities can result in:
- Data breaches: Leading to the exposure of sensitive or personal information.
- Operational disruptions: As attackers could seize control of servers, halt services, or demand ransoms.
- Reputational damage: Companies that fall victim to cyberattacks often suffer long-term damage to their reputation and customer trust.
- Legal and financial consequences: Non-compliance with security standards, such as failing to address known vulnerabilities, could result in heavy fines and legal action.
The continued addition of vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog is a reminder of the importance of proactive cybersecurity measures. Organizations must prioritize remediation and keep their systems updated to prevent these threats from wreaking havoc on their networks.
