08/21/2024-08/28/2024 Apache OFBiz RCE Flaw, Critical WPML Plugin Flaw, Supply Chain Vulnerabilities in MLOps Platforms And More.

1. CISA Warns About Actively Exploited Apache OFBiz RCE Flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has warned of two exploited vulnerabilities, including a path traversal flaw in Apache OFBiz (CVE-2024-32113). Apache OFBiz, an open-source ERP system, is widely used due to its versatility. The flaw affects versions before 18.12.13 and allows remote execution of arbitrary commands. Federal agencies must apply security updates or stop using the product by August 28, 2024. Another vulnerability, CVE-2024-36971, affecting the Android kernel, was also flagged. A newer OFBiz flaw, CVE-2024-38856, impacts versions up to 18.12.14 and poses a critical pre-authentication remote code execution risk. Users should upgrade to version 18.12.15 to secure their systems.

2. Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

A critical flaw in the WPML WordPress plugin (CVE-2024-6386, CVSS score: 9.9) could let authenticated users execute arbitrary code remotely. This vulnerability affects all versions before 4.6.13, released on August 20, 2024. Caused by missing input validation, the issue allows attackers with Contributor-level access or higher to exploit server-side template injection (SSTI) via shortcodes. WPML, used on over a million sites for multilingual content, failed to properly sanitize input in Twig templates, leading to potential server takeover. Users are strongly advised to update to the latest version to mitigate this risk.

3. SonicWall SonicOS Vulnerability Let Attackers Gain Unauthorized Access & Crash Firewall

SonicWall has disclosed a critical vulnerability (CVE-2024-40766) in its SonicOS management access, rated with a high CVSS score of 9.3. This flaw, identified as an improper access control issue, could lead to unauthorized resource access and potentially cause firewall crashes. The vulnerability affects a wide range of SonicWall devices, including Gen 5, Gen 6, and Gen 7 models. SonicWall strongly advises updating to the latest firmware versions to mitigate these risks and suggests restricting or disabling WAN management access from untrusted sources. Updated firmware versions are available, and users are urged to apply these patches immediately. 

4. Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers have uncovered over 20 vulnerabilities in machine learning (ML) software supply chains, posing significant risks to MLOps platforms. These flaws, both inherent and implementation-based, could lead to severe outcomes such as arbitrary code execution or loading malicious datasets.

MLOps platforms enable the creation and execution of ML models, but vulnerabilities like automatic code execution in models and datasets, particularly in tools like JupyterLab, can open doors for malware attacks. Implementation weaknesses, such as lack of authentication, have been exploited by attackers to deploy cryptocurrency miners, as seen with unpatched Anyscale Ray instances. Additionally, a container escape vulnerability in Seldon Core allows attackers to move laterally in cloud environments, compromising models and data.

5. Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. The issue, tracked as CVE-2024-28987, is rated 9.1 on the CVSS scoring system, indicating critical severity. Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting the flaw. Users are recommended to update to version 12.8.3 Hotfix 2, but applying the fix requires Web Help Desk 12.8.3.1813 or 12.8.3 HF1. The disclosure comes a week after SolarWinds moved to resolve another critical vulnerability in the same software that could be exploited to execute arbitrary code (CVE-2024-28986, CVSS score: 9.8). Additional details about CVE-2024-28987 are expected to be released next month.