CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

Summary: The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate attention from federal agencies and large organizations. Among these are critical flaws in Microsoft .NET Framework and Apache OFBiz, which have been marked as actively exploited, although detailed information on the exploitation is lacking. CISA has set a patching deadline of February 25, 2025, for affected products to mitigate these risks.

Affected: Microsoft .NET Framework, Apache OFBiz, Paessler PRTG

Key points:

  • The .NET Framework flaw (CVE-2024-29059) has a CVSS score of 7.5 and was initially disclosed in November 2023.
  • Apache OFBiz contains a critical vulnerability (CVE-2024-45195) with a CVSS score of 9.8, exposing users to remote code execution attacks.
  • CISA urges agencies to patch or discontinue use of these products by February 25, 2025, as there is no detailed information on exploitation methods.

Source: https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-net-and-apache-ofbiz-bugs-as-exploited-in-attacks/