
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –
CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability affecting Adobe ColdFusion in the Apache BlazeDS library that allows arbitrary code execution. (Fixed in April 2017)

CVE-2024-20953 (CVSS score: 8.8) – A deserialization vulnerability affecting Oracle Agile PLM, exploitable by a low-privileged attacker with network access via HTTP. (Addressed in January 2024)

Currently, there are no public reports referring to exploitation of these vulnerabilities, but another flaw affecting Oracle Agile PLM (CVE-2024-21287, CVSS score: 7.5) was actively abused late last year.

To mitigate the risks posed by potential attacks that weaponize these defects, users are encouraged to apply the necessary updates. Federal agencies have until March 17, 2025, to secure their networks against the threats.
The development comes as threat intelligence company GreyNoise revealed an aggressive exploitation attempt targeting CVE-2023-20198, a now-patched security flaw affecting vulnerable Cisco devices.
As many as 110 malicious IPs, primarily originating from Bulgaria, Brazil and Singapore, are associated with the malicious activity.
“Two malicious IPs exploited CVE-2018-0171 in December 2024 and January 2025. They originated in Switzerland and the US. Salt Typhoon, a threat group sponsored by China, reportedly breached a communications network using CVE-2023-20198 and CVE-2023-20273,” said the GreyNoise research team.