Five security flaws impacting Apache, Microsoft, and Oracle software have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate all of the bugs by Oct. 9, Security Affairs reports.
Most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, tracked as CVE-2024-27348, which could be leveraged to facilitate sandbox restriction evasion. Also part of the CISA advisory are a pair of critical RCEs in Oracle JDeveloper and WebLogic Server, tracked as CVE-2022-21445 and CVE-2020-14644, respectively, both of which could be exploited to allow software takeovers. On the other hand, threat actors could abuse a high-severity RCE flaw in Microsoft SQL Server Reporting Services, tracked as CVE-2020-0618, to permit arbitrary code execution following memory corruption flaw exploitation, while a high-severity bug in the Windows Task Scheduler, tracked as CVE-2019-1069, could allow privilege escalation.
