• Latest
  • Trending
  • All
  • Industry
  • Compliance
  • Global Trade
  • Industry
  • Sustainability & Ethics
  • Video
  • Security & Risk
A man in a hoodie is holding a tablet in front of a monitor, checking alerts on Apache Superset.

CISA Alerts on Exploitation of Apache Superset Vulnerability

01/09/2024
EU and UK Agreement Set to Boost Trade and Ease Tariff Burdens Across the Supply Chain

EU and UK Agreement Set to Boost Trade and Ease Tariff Burdens Across the Supply Chain

06/05/2025
UK Rail Freight Expansion Strengthens Supply Chain Resilience and Lowers Tariff-Linked Costs

UK Rail Freight Expansion Strengthens Supply Chain Resilience and Lowers Tariff-Linked Costs

06/05/2025
London’s EV Congestion Charge Review Signals Policy Shift with Trade and Tariff Implications

London’s EV Congestion Charge Review Signals Policy Shift with Trade and Tariff Implications

06/05/2025
Global Air Cargo Alliance Led by Carriers from Qatar, UK, and Malaysia to Boost Trade Connectivity and Tariff Efficiency

Global Air Cargo Alliance Led by Carriers from Qatar, UK, and Malaysia to Boost Trade Connectivity and Tariff Efficiency

06/05/2025
Germany’s Hamburg Port Expands Shore Power to Cut Emissions and Prepare for Future Tariffs

Germany’s Hamburg Port Expands Shore Power to Cut Emissions and Prepare for Future Tariffs

06/05/2025
UK Temporarily Exempted from U.S. Metal Tariff Increase

UK Temporarily Exempted from U.S. Metal Tariff Increase

06/04/2025
Trump Pushes Tariff Hikes Amid Legal Obstacles

Trump Pushes Tariff Hikes Amid Legal Obstacles

06/04/2025
U.S. trade deal efforts challenged by tight deadlines and tariff issues.

U.S. trade deal efforts challenged by tight deadlines and tariff issues.

06/04/2025
OECD Cuts U.S. Growth Forecast Over Rising Trade Costs

OECD Cuts U.S. Growth Forecast Over Rising Trade Costs

06/04/2025
U.S. Steel and Aluminium Tariffs Raised to 50%

U.S. Steel and Aluminium Tariffs Raised to 50%

06/04/2025
Tariff Hikes on Steel and Aluminum to Raise Consumer Prices

Tariff Hikes on Steel and Aluminum to Raise Consumer Prices

06/03/2025
U.S. Tariffs Add Pressure to China and EU Trade Talks

U.S. Tariffs Add Pressure to China and EU Trade Talks

06/03/2025
supplychainreport
Saturday, June 7, 2025
  • Home
  • Industry
    • Supply Chain
    • Logistics & Transportation
    • Importing & Exporting
    • Manufacturing
    • Warehousing & Distribution
  • Compliance
    • Supply Chain Transparency
    • Anti-Money Laundering (AML)
    • Know Your Customer (KYC)
    • Risk Management
    • Export Controls
    • Sanctions
  • Global Trade
    • Market Trends
    • Economic Indicators
    • Sourcing
    • Trade Policies
    • International Relations
    • Trade Agreements
    • Tariffs & Duties
    • Import/Export Statistics
  • Luxury Goods
  • Industry
    • Blockchain in Supply Chain
    • Importing & Exporting
    • Automation & Robotics
    • Artificial Intelligence in Trade
    • Data & Analytics
  • Sustainability & Ethics
    • Green Supply Chains
    • Sustainable Logistics
    • Ethical Sourcing
    • Corporate Social Responsibility
    • Environmental Policies
  • Security & Risk
    • Cybersecurity in Trade
    • Fraud & Scams
    • Risk Mitigation
    • Security Protocols
    • Data Protection
  • ITC News
    • ITC Featured Members
    • ITC Business Councils Highlights
  • Events
    • Upcoming Conferences
    • Upcoming FREE Educational Webinars
No Result
View All Result
supplychainreport
No Result
View All Result

CISA Alerts on Exploitation of Apache Superset Vulnerability

by Richie
01/09/2024
in Cybersecurity in Trade, Security & Risk, Security Protocols

YOU MAY ALSO LIKE

Social Media Videos Raise Questions on Luxury Goods Manufacturing, Prompt Denials and Investigations

Saviynt Unveils AI-Powered Identity Security Tool for Risk Management

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog to include six additional entries, one of which is a vulnerability in Apache Superset disclosed in April 2023.

Apache Superset, an open-source Python application, is designed to assist users in exploring and visualizing large datasets. The vulnerability in question revolves around the application’s session cookies, signed with a secret key for authentication. Although the key is intended to be randomly generated, a report from penetration testing firm Horizon3.ai in April last year revealed that Superset instances were defaulting the key to a specific value. Approximately 2,000 instances accessible from the internet were found to be using this default key.

Exploiting this vulnerability could allow attackers to log in as administrators, gain access to connected databases, manipulate data, and execute code remotely. While database connections are typically set up with read-only permissions, an attacker with admin access could enable writes and data model language (DML) statements. The SQL Lab interface in Superset also permits attackers to run arbitrary SQL statements against connected databases.

The issue was initially discovered in 2021, with the secret key value rotated in 2022 to a new default and a warning added to the logs. The bug, now tracked as CVE-2023-27524, has been addressed in Superset version 2.1, which prevents the server from starting if the secret key value is the default one.

CISA’s addition of this vulnerability to the KEV catalog indicates that threat actors have initiated exploitation in the wild. However, specific details about observed attacks have not been provided by the agency.

In addition to the Apache Superset vulnerability, CISA added two recently resolved Adobe ColdFusion flaws, a code execution bug in Apple products, an improper access check issue in Joomla, and a command injection issue in D-Link DSL-2750B devices to the KEV catalog.

Organizations, not just federal agencies affected by the Binding Operational Directive (BOD) 22-01, are advised to review the KEV catalog and prioritize patching for the listed vulnerabilities or discontinue the use of impacted products without available mitigations.

Your source for supply chain report news updates: The Supply Chain Report. For international trade insights and tools, head to ADAMftd.com.

#Cybersecurity #CISA #KnownExploitedVulnerabilities #ApacheSuperset #VulnerabilityManagement #DataSecurity #PenetrationTesting #Horizon3ai #AdobeColdFusion #AppleSecurity #Joomla #DLink #SecurityPatches #VulnerabilityAssessment

ShareTweet

Subscribe Our Newsletter

Share Your News

Whether it’s a groundbreaking achievement, a heartwarming tale, or an insightful perspective, we want to hear it. Share your news with us, and let’s amplify your voice in the digital symphony of stories.

Submit

A man is riding a bike on a hill.

The Supply Chain Report is your essential daily news website, serving as a trusted source for comprehensive coverage of the complex and ever-evolving global supply chain dynamics. Our expert team delves into the intricacies of international trade, manufacturing, logistics, importing, exporting, and supply chain management; providing in-depth analysis and up-to-date news on the latest trends, disruptions, and technological advancements affecting industries worldwide. From detailed reports on international trade through to insights into procurement strategies and inventory management, we offer valuable content that helps professionals stay informed and make knowledgeable decisions in a fast-paced market.

Each day, we bring you cutting-edge news and expert commentary that dissect significant international trade and supply chain issues Our coverage spans a wide array of sectors including manufacturing, retail, healthcare, food, consumer goods, and technology, ensuring that no matter your field, you have the strategic information needed to navigate the challenges and opportunities of today’s supply chain landscape. By synthesizing complex data and presenting actionable insights, The Supply Chain Report empowers business leaders, policymakers, and logistics professionals to optimize their operations and drive forward with confidence in an interconnected world.

Connect With Us

  • About
  • Events
  • Privacy Policy
  • Contact Us

© 2024 International Centre for Trade Transparency Limited. Incorporated in the United Kingdom.

No Result
View All Result
  • Home
  • Industry
    • Supply Chain
    • Logistics & Transportation
    • Importing & Exporting
    • Manufacturing
    • Warehousing & Distribution
  • Compliance
    • Supply Chain Transparency
    • Anti-Money Laundering (AML)
    • Know Your Customer (KYC)
    • Risk Management
    • Export Controls
    • Sanctions
  • Global Trade
    • Market Trends
    • Economic Indicators
    • Sourcing
    • Trade Policies
    • International Relations
    • Trade Agreements
    • Tariffs & Duties
    • Import/Export Statistics
  • Luxury Goods
  • Industry
    • Blockchain in Supply Chain
    • Importing & Exporting
    • Automation & Robotics
    • Artificial Intelligence in Trade
    • Data & Analytics
  • Sustainability & Ethics
    • Green Supply Chains
    • Sustainable Logistics
    • Ethical Sourcing
    • Corporate Social Responsibility
    • Environmental Policies
  • Security & Risk
    • Cybersecurity in Trade
    • Fraud & Scams
    • Risk Mitigation
    • Security Protocols
    • Data Protection
  • ITC News
    • ITC Featured Members
    • ITC Business Councils Highlights
  • Events
    • Upcoming Conferences
    • Upcoming FREE Educational Webinars

© 2024 International Centre for Trade Transparency Limited. Incorporated in the United Kingdom.