CISA has added CVE-2021-44207, a high-severity flaw in Acclaim Systems' USAHERDS software, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVSS score: 8.1) affects version 7.4.0.1 and earlier and stems from hard-coded, static credentials: the ASP.NET machineKey values (validationKey and decryptionKey) that the application uses to sign and encrypt ViewState. Because those keys are the same on every installation, an attacker who has obtained them can sign a maliciously crafted ViewState payload that the server accepts as authentic and deserializes, resulting in remote code execution. While there are no recent reports of exploitation, the flaw was previously abused by the China-linked APT41 group in attacks against U.S. state government networks. Federal agencies must apply mitigations by January 13, 2025.
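The following is an added example, not code from the original report or from Acclaim Systems, illustrating both halves of the problem described above: a check that flags a web.config carrying literal machineKey material instead of ASP.NET's auto-generated keys, and a simplified model of why a shared static key lets a third party mint a ViewState MAC that the server accepts. The config fragments and keys are constructed for the example; the MAC model is plain HMAC-SHA256 and omits ASP.NET's own serialization format and modifiers.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Constructed web.config fragments for illustration only (not USAHERDS's real configuration).
STATIC_KEY_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0F1E2D3C4B5A69788796A5B4C3D2E1F0"
                decryptionKey="F0E1D2C3B4A5968778695A4B3C2D1E0F"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

AUTOGEN_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

NO_MACHINEKEY_CONFIG = """<configuration><system.web /></configuration>"""


def find_static_machine_keys(config_xml: str) -> list:
    """Return the machineKey attributes that carry literal key material.

    ASP.NET treats a missing attribute as "AutoGenerate,IsolateApps", so only
    explicit values that do not start with "AutoGenerate" are reported.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")
            if not value.startswith("AutoGenerate"):
                findings.append(attr)
    return findings


def mac_viewstate(key: bytes, payload: bytes) -> bytes:
    """Simplified model of ViewState integrity protection: HMAC-SHA256 over the
    serialized state. Real ASP.NET also folds in modifiers such as the page
    path and ViewStateUserKey; those are left out of this illustration."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def forgery_accepted(server_key: bytes, attacker_key: bytes, payload: bytes) -> bool:
    """Does a MAC computed by the attacker with attacker_key validate on a
    server that verifies with server_key? True only when the keys match."""
    forged_tag = mac_viewstate(attacker_key, payload)
    expected = mac_viewstate(server_key, payload)
    return hmac.compare_digest(expected, forged_tag)


# A key that ships inside the product is known to everyone who has the binary
# or the config file; this constant stands in for that situation.
SHARED_STATIC_KEY = bytes.fromhex("0F1E2D3C4B5A69788796A5B4C3D2E1F0")


def demo() -> dict:
    """Run the audit and the forgery model; returns the results for inspection."""
    payload = b"<serialized page state chosen by the attacker>"  # constructed placeholder
    per_server_key = secrets.token_bytes(64)  # what AutoGenerate gives each install
    return {
        "static_config_findings": find_static_machine_keys(STATIC_KEY_CONFIG),
        "autogen_config_findings": find_static_machine_keys(AUTOGEN_CONFIG),
        "forged_with_shared_key": forgery_accepted(SHARED_STATIC_KEY, SHARED_STATIC_KEY, payload),
        "forged_against_random_key": forgery_accepted(per_server_key, SHARED_STATIC_KEY, payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The audit side is the practical takeaway: any `<machineKey>` with literal `validationKey` or `decryptionKey` values that are shared across installations (checked into source, baked into an installer, copied between servers) should be treated as public. The model side shows the consequence: with the shared key the attacker's tag is byte-for-byte the server's, and with a per-server random key it is not.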
Separately, Adobe has disclosed a critical vulnerability in ColdFusion (CVE-2024-53961, CVSS score: 7.8), a path traversal flaw that allows an attacker to read arbitrary files from the server's file system. A proof-of-concept (PoC) exploit is already known to exist, which makes patching time-sensitive even though Adobe has not reported in-the-wild exploitation. The flaw is fixed in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12, and users are urged to apply the updates immediately.