May 20, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

  • CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability. With a CVSS score of 9.3, this is a critical, pervasive SQL injection issue that resides in the DAS component.
  • CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability. This is a code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) that an unauthenticated user can exploit to execute arbitrary code with limited permissions (nobody).
  • CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability

CISA orders federal agencies to fix these vulnerabilities by April 15, 2024.
