FlagThis

CyberSecurity updates
2025-01-30 20:45:54 Pacfic
github.com
Acclaim USAHERDS Flaw Actively Exploited - 6d
Read more: github.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in the Acclaim Systems USAHERDS web application. This flaw, identified as CVE-2021-44207, has been actively exploited and carries a high severity score of 8.1. The vulnerability stems from the use of static ValidationKey and DecryptionKey values which are used to secure the ViewState feature, allowing malicious actors to craft malicious payloads that can bypass integrity checks. Exploiting this flaw allows attackers to execute arbitrary code on the affected server, potentially compromising the entire system and its network.

The vulnerability impacts Acclaim USAHERDS versions 7.4.0.1 and earlier, released prior to November 2021. CISA has added this flaw to its Known Exploited Vulnerabilities catalog, further underscoring the urgency of this security risk. Federal agencies are urged to apply the necessary patches and remediation by January 13, 2025. It has also been noted that APT41, a Chinese state-sponsored espionage group, has been linked to exploiting this vulnerability to compromise U.S. state government networks.

Original img attribution: https://thecyberexpress.com/wp-content/uploads/CVE-2021-44207.webp
ImgSrc: thecyberexpress.com
References:
  • cloud.google.com - CISA : (8.1 high) Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability - 6d
  • @screaminggoat - CISA : (8.1 high) Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability - 6d
  • Security Archives - Security Affairs - U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog - 6d
  • securityonline.info - CVE-2021-44207: Vulnerability in Acclaim USAHERDS Actively Exploited, CISA Warns - 6d
  • Vulnerability Archives ? Cybersecurity News - CVE-2021-44207: Vulnerability in Acclaim USAHERDS Actively Exploited, CISA Warns - 6d
  • Vulnerabilities ? The Cyber Express - The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability, CVE-2021-44207, to its Known Exploited Vulnerabilities (KEV) Catalog. - 6d
  • The Hacker News - CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation - 6d
  • CISO2CISO.COM & CYBER SECURITY GROUP - U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com - 6d
  • ciso2ciso.com - U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog - 5d
  • Osint10x - CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation - 5d
  • osint10x.com - CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation - 4d

Classification:
  • HashTags: CVE-2021-44207 USAHERDS CISA
  • Company: Acclaim Systems
  • Target: Acclaim Systems Users
  • Product: USAHERDS
  • Feature: Hard-coded Credentials
  • Type: Vulnerability
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.