CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android kernel remote code execution flaw (CVE-2024-36971) and an Apache OFBiz path traversal issue (CVE-2024-32113) to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions of the two flaws:
- CVE-2024-36971 is a remote code execution vulnerability impacting the Android kernel. The vulnerability was reported by Clement Lecigne of Google’s Threat Analysis Group (TAG). The TAG team investigates attacks carried out by nation-state actors and commercial spyware vendors. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability.
- CVE-2024-32113 is a path traversal issue in Apache OFBiz. Exploitation of this vulnerability could lead to remote command execution. Researchers from SANS recently observed a surge in attacks targeting CVE-2024-32113.
According to Binding Operational Directive (BOD) 22-01, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by August 28, 2024.
(SecurityAffairs – hacking, Known Exploited Vulnerabilities Catalog)