On March 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog by adding several new vulnerabilities, including those affecting Hitachi Vantara and other products. Here are the details of the newly added vulnerabilities:
CVE-2023-20118 – Cisco Small Business RV Series Routers Command Injection Vulnerability
- Description: This vulnerability resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. It allows authenticated remote attackers to execute arbitrary commands due to improper input validation. Exploiting it requires admin credentials and grants root access. Cisco will not release a fix for this issue.
- CVSS Score: 6.5
CVE-2022-43939 – Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
- Description: This vulnerability in Hitachi Vantara Pentaho BA Server allows attackers to bypass authorization mechanisms, potentially leading to unauthorized access to sensitive data.
- CVSS Score: 9.8
CVE-2022-43769 – Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
- Description: This vulnerability in Hitachi Vantara Pentaho BA Server involves special element injection, which can be exploited to execute arbitrary commands or access sensitive information.
- CVSS Score: 7.2
CVE-2018-8639 – Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
- Description: This elevation of privilege vulnerability impacts Windows when the Win32k component fails to properly handle objects in memory. An attacker could exploit the vulnerability to run arbitrary code in kernel mode, and then install programs, view, change, or delete data, or create new accounts with full user rights.
- CVSS Score: 7.8
CVE-2024-4885 – Progress WhatsUp Gold Path Traversal Vulnerability
- Description: This unauthenticated Remote Code Execution vulnerability impacts Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
- CVSS Score: 9.8
These vulnerabilities have been added to the KEV catalog based on evidence of active exploitation, highlighting the importance of timely patching and mitigation to protect against potential attacks.
For more detailed information, you can refer to the CISA Known Exploited Vulnerabilities Catalog.
