The US Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog on February 2, citing evidence of active exploitation.


The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue affecting versions 12.2.3 through 12.2.11 of the Oracle Web Applications Desktop Integrator product.

The vulnerabilities were addressed by Oracle as part of its critical update published in October 2022.

The second security flaw to be added to the KEV catalog is CVE-2023-22952 (CVSS score: 8.8), which relates to a case of missing input validation in SugarCRM that could lead to the injection of malicious PHP code. The bug was fixed in SugarCRM versions 11.0.5 and 12.0.2.

In light of active exploitation attempts, US Federal Civilian Executive Branch (FCEB) agencies are required to apply the patches by February 23, 2023.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
