News

CISA Active Exploit List – February Update

by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency (CISA) has added several items to its list of must-address exploits.  As these are actively being used by attackers in the wild, it is recommended to resolve the issues as soon as possible.  Below are the companies, CVE numbers, and links to solutions for said problems. All links open in a new tab or window.

Oracle
CVE-2023-21587

E-Business Suite – https://www.oracle.com/security-alerts/cpuoct2022.html

SugarCRM
CVE-2023-22952

Multiple SugarCRM products affected – https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

Telerik
CVE-2017-11357

UI for ASP.NET AJAZ – https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference

Zoho
CVE-2022-47966

ManageEngine – https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

CWP
CVE-2022-44877

Control Web Panel – https://control-webpanel.com/changelog#1669855527714-450fb335-6194

Microsoft
CVE-2023-21674
CVE-2022-41080

Windows – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674

Exchange Server – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080

Third-Party References:

Click the links below to learn more details. (Opens in a new tab/window.)

CISA Catalog

Wyo Support News

, , , , , ,