December 6, 2023

The U.S. CISA added three new vulnerabilities to its Known Exploited Vulnerabilities catalog.

Below is the list of the three added vulnerabilities:

  • CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
  • CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability. This fflaw is a pre-auth command injection issue that resides in the warn-proceed handler. It affects appliances older than version
  • CVE-2023-2551 Oracle Fusion Middleware Unspecified Vulnerability. The issue is a PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1

CISA orders federal agencies to fix these vulnerabilities by November 17, 2023

2 thoughts on “CISA KEV Update Part III – November 2023

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.