CISA KEV Catalog Update Part I-March 2023
Share this:
The US CISA added the three vulnerabilities to the exploited flaws to its Known Exploited Vulnerabilities Catalog
- Teclib GLPI Remote Code Execution Vulnerability tracked as CVE-2022-35914 with a CVSS score 9.8
- Apache Spark Command Injection Vulnerability tracked as CVE-2022-33891 with a CVSS score of 8.8
- Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability tracked as CVE-2022-28810 with a CVSS score of 6.8
The CVE-2022-35914 is a PHP code injection vulnerability that resides in the /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2. A remote, unauthenticated attacker can exploit this flaw, via a specially crafted message to execute arbitrary code. GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking, and software auditing.
The CVE-2022-33891 flaw is a command injection vulnerability in Apache Spark. In December 2022, Microsoft Threat Intelligence Center researchers discovered a new variant of the Zerobot botnet aka ZeroStresser that was improved with the capabilities to target more Internet of Things (IoT) devices. The variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark and supports new DDoS attack capabilities.
The third vulnerability added to the catalog, tracked as CVE-2022-28810, is a remote code execution issue in Zoho ManageEngine ADSelfService Plus.
CISA orders federal agencies to fix this flaw by March 28, 2023.
