The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
- CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability. With a CVSS score of 9.3, this is a critical, pervasive SQL injection issue that resides in the DAS component.
- CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability. An unauthenticated user can exploit this flaw in the Ivanti EPM Cloud Services Appliance (CSA) to execute arbitrary code with limited permissions (nobody).
- CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability.
CISA orders federal agencies to fix these vulnerabilities by April 15, 2024.