• Latest
  • Trending
  • All
  • Industry
  • Compliance
  • Global Trade
  • Industry
  • Sustainability & Ethics
  • Video
  • Security & Risk
A man in a hoodie is holding a tablet in front of a monitor, checking alerts on Apache Superset.

CISA Alerts on Exploitation of Apache Superset Vulnerability

01/09/2024
Larry Company Nominated for Go Global Awards 2025

Larry Company Emerges as Iraq’s Largest Name in Pools Spas and Construction

06/26/2025
Larry Company Nominated for Go Global Awards 2025

Larry Company Nominated for Go Global Awards 2025

06/26/2025
The Allied Founders Celebrates Over 5 Decades of Excellence in Cast Iron Manufacturing and Global Export

The Allied Founders Pvt Ltd Nominated for Go Global Awards 2025

06/25/2025
The Allied Founders Celebrates Over 5 Decades of Excellence in Cast Iron Manufacturing and Global Export

The Allied Founders Celebrates Over 5 Decades of Excellence in Cast Iron Manufacturing and Global Export

06/25/2025
Comet Web Solutions LLP Nominated for Go Global Awards 2025

Comet Web Solutions Empowers Global Businesses Through Digital Innovation

06/26/2025
Comet Web Solutions LLP Nominated for Go Global Awards 2025

Comet Web Solutions LLP Nominated for Go Global Awards 2025

06/25/2025
CloudFirst Technology Private Limited Nominated for Go Global Awards 2025

CloudFirst Technology: Pioneering Cloud Innovation with Global Impact

06/25/2025
CloudFirst Technology Private Limited Nominated for Go Global Awards 2025

CloudFirst Technology Private Limited Nominated for Go Global Awards 2025

06/25/2025
UK Private Sector Growth Shows Modest Recovery Amid Ongoing Tariff Pressures

UK Private Sector Growth Shows Modest Recovery Amid Ongoing Tariff Pressures

06/23/2025
3rd Dairy Market Innovation Asia Pacific Summit 2025

Be Part of the 3rd Dairy Market Innovation Asia Pacific Summit 2025

06/20/2025
S.K.Singhi & Partners LLP Expands Global Legal Reach with LEXITS Platform and International Recognition

S.K.Singhi & Partners LLP Nominated for Go Global Awards 2025

06/19/2025
S.K.Singhi & Partners LLP Expands Global Legal Reach with LEXITS Platform and International Recognition

S.K.Singhi & Partners LLP Expands Global Legal Reach with LEXITS Platform and International Recognition

06/19/2025
supplychainreport
Friday, June 27, 2025
  • Home
  • Industry
    • Supply Chain
    • Logistics & Transportation
    • Importing & Exporting
    • Manufacturing
    • Warehousing & Distribution
  • Compliance
    • Supply Chain Transparency
    • Anti-Money Laundering (AML)
    • Know Your Customer (KYC)
    • Risk Management
    • Export Controls
    • Sanctions
  • Global Trade
    • Market Trends
    • Economic Indicators
    • Sourcing
    • Trade Policies
    • International Relations
    • Trade Agreements
    • Tariffs & Duties
    • Import/Export Statistics
  • Luxury Goods
  • Industry
    • Blockchain in Supply Chain
    • Importing & Exporting
    • Automation & Robotics
    • Artificial Intelligence in Trade
    • Data & Analytics
  • Sustainability & Ethics
    • Green Supply Chains
    • Sustainable Logistics
    • Ethical Sourcing
    • Corporate Social Responsibility
    • Environmental Policies
  • Security & Risk
    • Cybersecurity in Trade
    • Fraud & Scams
    • Risk Mitigation
    • Security Protocols
    • Data Protection
  • ITC News
    • ITC Featured Members
    • ITC Business Councils Highlights
  • Events
    • Upcoming Conferences
    • Upcoming FREE Educational Webinars
No Result
View All Result
supplychainreport
No Result
View All Result

CISA Alerts on Exploitation of Apache Superset Vulnerability

by Richie
01/09/2024
in Cybersecurity in Trade, Security & Risk, Security Protocols

YOU MAY ALSO LIKE

Merchant International Systems Ltd Nominated for 2025 Go Global Awards in London

Merchant International Systems Limited Recognized for Excellence in Safety and Technology Solutions

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog to include six additional entries, one of which is a vulnerability in Apache Superset disclosed in April 2023.

Apache Superset, an open-source Python application, is designed to assist users in exploring and visualizing large datasets. The vulnerability in question revolves around the application’s session cookies, signed with a secret key for authentication. Although the key is intended to be randomly generated, a report from penetration testing firm Horizon3.ai in April last year revealed that Superset instances were defaulting the key to a specific value. Approximately 2,000 instances accessible from the internet were found to be using this default key.

Exploiting this vulnerability could allow attackers to log in as administrators, gain access to connected databases, manipulate data, and execute code remotely. While database connections are typically set up with read-only permissions, an attacker with admin access could enable writes and data model language (DML) statements. The SQL Lab interface in Superset also permits attackers to run arbitrary SQL statements against connected databases.

The issue was initially discovered in 2021, with the secret key value rotated in 2022 to a new default and a warning added to the logs. The bug, now tracked as CVE-2023-27524, has been addressed in Superset version 2.1, which prevents the server from starting if the secret key value is the default one.

CISA’s addition of this vulnerability to the KEV catalog indicates that threat actors have initiated exploitation in the wild. However, specific details about observed attacks have not been provided by the agency.

In addition to the Apache Superset vulnerability, CISA added two recently resolved Adobe ColdFusion flaws, a code execution bug in Apple products, an improper access check issue in Joomla, and a command injection issue in D-Link DSL-2750B devices to the KEV catalog.

Organizations, not just federal agencies affected by the Binding Operational Directive (BOD) 22-01, are advised to review the KEV catalog and prioritize patching for the listed vulnerabilities or discontinue the use of impacted products without available mitigations.

Your source for supply chain report news updates: The Supply Chain Report. For international trade insights and tools, head to ADAMftd.com.

#Cybersecurity #CISA #KnownExploitedVulnerabilities #ApacheSuperset #VulnerabilityManagement #DataSecurity #PenetrationTesting #Horizon3ai #AdobeColdFusion #AppleSecurity #Joomla #DLink #SecurityPatches #VulnerabilityAssessment

ShareTweet

Subscribe Our Newsletter

Share Your News

Whether it’s a groundbreaking achievement, a heartwarming tale, or an insightful perspective, we want to hear it. Share your news with us, and let’s amplify your voice in the digital symphony of stories.

Submit

A man is riding a bike on a hill.

The Supply Chain Report is your essential daily news website, serving as a trusted source for comprehensive coverage of the complex and ever-evolving global supply chain dynamics. Our expert team delves into the intricacies of international trade, manufacturing, logistics, importing, exporting, and supply chain management; providing in-depth analysis and up-to-date news on the latest trends, disruptions, and technological advancements affecting industries worldwide. From detailed reports on international trade through to insights into procurement strategies and inventory management, we offer valuable content that helps professionals stay informed and make knowledgeable decisions in a fast-paced market.

Each day, we bring you cutting-edge news and expert commentary that dissect significant international trade and supply chain issues Our coverage spans a wide array of sectors including manufacturing, retail, healthcare, food, consumer goods, and technology, ensuring that no matter your field, you have the strategic information needed to navigate the challenges and opportunities of today’s supply chain landscape. By synthesizing complex data and presenting actionable insights, The Supply Chain Report empowers business leaders, policymakers, and logistics professionals to optimize their operations and drive forward with confidence in an interconnected world.

Connect With Us

  • About
  • Events
  • Privacy Policy
  • Contact Us

© 2024 International Centre for Trade Transparency Limited. Incorporated in the United Kingdom.

No Result
View All Result
  • Home
  • Industry
    • Supply Chain
    • Logistics & Transportation
    • Importing & Exporting
    • Manufacturing
    • Warehousing & Distribution
  • Compliance
    • Supply Chain Transparency
    • Anti-Money Laundering (AML)
    • Know Your Customer (KYC)
    • Risk Management
    • Export Controls
    • Sanctions
  • Global Trade
    • Market Trends
    • Economic Indicators
    • Sourcing
    • Trade Policies
    • International Relations
    • Trade Agreements
    • Tariffs & Duties
    • Import/Export Statistics
  • Luxury Goods
  • Industry
    • Blockchain in Supply Chain
    • Importing & Exporting
    • Automation & Robotics
    • Artificial Intelligence in Trade
    • Data & Analytics
  • Sustainability & Ethics
    • Green Supply Chains
    • Sustainable Logistics
    • Ethical Sourcing
    • Corporate Social Responsibility
    • Environmental Policies
  • Security & Risk
    • Cybersecurity in Trade
    • Fraud & Scams
    • Risk Mitigation
    • Security Protocols
    • Data Protection
  • ITC News
    • ITC Featured Members
    • ITC Business Councils Highlights
  • Events
    • Upcoming Conferences
    • Upcoming FREE Educational Webinars

© 2024 International Centre for Trade Transparency Limited. Incorporated in the United Kingdom.