Two old security vulnerabilities impacting TIBCO Software's Java-based reporting and data analytics platform JasperReports are being leveraged in ongoing attacks, prompting their addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports The Hacker News.
Threat actors have been exploiting CVE-2018-5430, an information disclosure flaw patched in April 2018, to facilitate read-only access to arbitrary files.
"The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server," said TIBCO.
Meanwhile, CVE-2018-18809, a directory traversal bug addressed in March 2019, could be abused to read sensitive files accessible to the web server user, eventually allowing credential theft and further system infiltration.
While no specifics have been provided by CISA regarding the ongoing attacks leveraging the flaws, federal agencies have been required to remediate both vulnerabilities by Jan. 19.
CyberScoop reports that millions of files that may contain sensitive information have been exposed by 314,000 internet-connected devices and servers with open directory listings, indicating a potentially significant exploitation risk.
Nearly 12,000 internet-facing Juniper firewall devices were discovered by VulnCheck to be impacted by a new medium-severity remote code execution vulnerability, which could be exploited to execute arbitrary code without first writing a file to disk, The Hacker News reports.