Focus Friday: TPRM Insights on Qlik Sense, Cleo File Transfer, And SAP NetWeaver JAVA Vulnerabilities
Written by: Ferdi Gül
Welcome to this week’s Focus Friday blog! As the cybersecurity landscape evolves, organizations are tasked with managing an ever-growing array of threats, especially within their vendor ecosystems. Third-Party Risk Management (TPRM) professionals play a crucial role in safeguarding operations against vulnerabilities that could ripple through the supply chain. This week, we delve into three critical vulnerabilities affecting Qlik Sense Enterprise, Cleo File Transfer software, and SAP NetWeaver JAVA. Each of these incidents highlights the importance of proactive risk management and showcases how Black Kite’s FocusTags™ empower organizations to stay ahead of emerging threats.
CVE-2024-55579 and CVE-2024-55580: Critical Vulnerabilities in Qlik Sense Enterprise
What are the vulnerabilities in Qlik Sense Enterprise?
Qlik Sense Enterprise for Windows has been identified with two critical vulnerabilities:
CVE-2024-55579: This flaw allows unprivileged users with network access to create connection objects that can trigger the execution of arbitrary executable files on the Qlik Sense server. It has a CVSS score of 8.8, indicating high severity. CVE-2024-55580: This flaw enables unprivileged users with network access to execute remote commands, potentially causing significant impacts on system availability, integrity, and confidentiality. It carries a CVSS score of 7.5.
Both vulnerabilities were publicly disclosed on December 8, 2024. As of now, there is no evidence of active exploitation in the wild, and they have not been added to CISA’s Known Exploited Vulnerabilities catalog. Qlik has released security patches to address these issues and strongly advises immediate application to mitigate associated risks.
Why should TPRM professionals be concerned about these vulnerabilities?
Third-Party Risk Management (TPRM) professionals should be vigilant regarding these vulnerabilities due to the following reasons:
What questions should TPRM professionals ask vendors regarding these vulnerabilities?
To assess and mitigate risks associated with these vulnerabilities, consider posing the following questions to your vendors:
Remediation recommendations for vendors affected by these vulnerabilities
Vendors utilizing Qlik Sense Enterprise should implement the following remediation steps:
How can TPRM professionals leverage Black Kite’s FocusTags™ regarding these vulnerabilities?
Black Kite has issued a FocusTag™ for Qlik Sense Enterprise, enabling TPRM professionals to:
CVE-2024-50623: Remote Code Execution Vulnerability in Cleo File Transfer Software
What is the Remote Code Execution Vulnerability in Cleo File Transfer Software?
CVE-2024-50623 is a high-severity unrestricted file upload and download vulnerability affecting Cleo’s file transfer products: Harmony®, VLTrader®, and LexiCom®, in versions prior to 5.8.0.21. This flaw allows attackers to upload malicious files to the software’s autorun directory, which are then automatically executed, enabling remote code execution. The vulnerability has a CVSS score of 8.8. It was publicly disclosed on December 10, 2024. PoC exploit code is available, and active exploitation has been observed in the wild, notably by the Termite ransomware group targeting sectors such as logistics, shipping, and consumer products. As of now, this vulnerability has not been added to CISA’s Known Exploited Vulnerabilities catalog.
We published an article on December 11, 2024, stating that the Cleo vulnerability (CVE-2024-50623) was actively exploited by ransomware groups. You can find more details in the related blog post.
Why should TPRM professionals be concerned about this vulnerability?
Third-Party Risk Management (TPRM) professionals should be attentive to this vulnerability due to its potential impact on data integrity and operational continuity. Exploitation can lead to unauthorized access and control over systems, resulting in data breaches, service disruptions, and propagation of malware across networks. Given the widespread use of Cleo’s file transfer solutions among vendors and partners, this vulnerability poses a significant supply chain risk, potentially affecting interconnected systems and data exchanges.
What questions should TPRM professionals ask vendors regarding this vulnerability?
To assess and mitigate risks associated with CVE-2024-50623, TPRM professionals should inquire:
Remediation recommendations for vendors affected by this vulnerability
Vendors utilizing Cleo’s file transfer products should implement the following remediation steps:
How can TPRM professionals leverage Black Kite’s FocusTags™ regarding this vulnerability?
Black Kite has issued a FocusTag™ for Cleo File Transfer, enabling TPRM professionals to:
CVE-2024-47578: Server-Side Request Forgery Vulnerability in SAP NetWeaver AS for JAVA
What is the SAP NetWeaver AS for JAVA SSRF Vulnerability?
CVE-2024-47578 is a critical Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for JAVA, specifically within the Adobe Document Services component. An attacker with administrator privileges can exploit this flaw by sending crafted requests from a vulnerable web application, targeting internal systems behind firewalls that are typically inaccessible from external networks. Successful exploitation enables the attacker to read or modify any file and potentially render the entire system unavailable. It has a CVSS score of 9.1, indicating critical severity. SAP has released a security patch addressing this vulnerability and strongly recommends immediate application to mitigate associated risks.
Why should TPRM professionals be concerned about this vulnerability?
Third-Party Risk Management (TPRM) professionals should be concerned about CVE-2024-47578 due to its potential to compromise data confidentiality, integrity, and availability. Exploitation of this vulnerability can lead to unauthorized access to sensitive information and disruption of critical business operations. Given the widespread use of SAP NetWeaver AS for JAVA among vendors, this vulnerability poses a significant risk to the supply chain, potentially affecting interconnected systems and data exchanges.
What questions should TPRM professionals ask vendors regarding this vulnerability?
To assess and mitigate risks associated with CVE-2024-47578, TPRM professionals should inquire:
Remediation recommendations for vendors affected by this vulnerability
Vendors utilizing SAP NetWeaver AS for JAVA should implement the following remediation steps:
How can TPRM professionals leverage Black Kite’s FocusTags™ regarding this vulnerability?
Black Kite has issued a FocusTag™ for SAP NetWeaver, enabling TPRM professionals to:
Enhancing TPRM Strategies with Black Kite’s FocusTags™
In today’s dynamic cybersecurity environment, managing third-party risks requires precision and timely intelligence. Black Kite’s FocusTags™ are an indispensable tool for organizations navigating critical vulnerabilities like those in Qlik Sense Enterprise, Cleo File Transfer, and SAP NetWeaver JAVA. These tags are designed to provide:
Black Kite’s FocusTags™ transform complex cybersecurity challenges into actionable intelligence, allowing TPRM professionals to mitigate risks efficiently and strengthen overall security. By leveraging these insights, organizations can proactively address vulnerabilities, ensuring resilience in an ever-evolving threat landscape.
About Focus Friday
Every week, we delve into the realms of critical vulnerabilities and their implications from a Third-Party Risk Management (TPRM) perspective. This series is dedicated to shedding light on pressing cybersecurity threats, offering in-depth analyses, and providing actionable insights.
FocusTags™ in the Last 30 Days: