CISA Adds Known Exploited Vulnerabilities to Catalog - 20250205003¶
Overview¶
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
What is the vulnerability?¶
| CVE | Product Vulnerabilities Identified | Version(s) | CVSS v4/v3 | Severity |
|---|---|---|---|---|
| CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | Apache OFBiz: before 18.12.16 | 7.5 | High |
| CVE-2024-29059 | Microsoft .NET Framework Information Disclosure Vulnerability | Microsoft .NET Framework 4.8: affected from 4.8.0 before 4.8.04690.02 | 7.5 | High |
| CVE-2018-9276 | Paessler PRTG Network Monitor OS Command Injection Vulnerability | PRTG Network Monitor: before 18.2.39 | 7.2 | High |
| CVE-2018-19410 | Paessler PRTG Network Monitor Local File Inclusion Vulnerability | PRTG Network Monitor: before 18.2.40.1683 | 9.8 | Critical |
What has been observed?¶
CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties catalog.
Recommendation¶
Due to the report of active exploitation, it is strongly recommended to patch this vulnerability within 2 weeks across all affected platforms as per vendor instructions.