
The US CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
The first vulnerability, tracked as CVE-2024-43461, affects the Microsoft Windows MSHTML Platform. It is a user interface misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
The second vulnerability, tracked as CVE-2024-6670, affects Progress WhatsUp Gold. It is a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user’s encrypted password if the application is configured with only a single user.
CISA has set 7th October 2024 as the deadline for federal agencies to remediate the vulnerabilities.


