
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws affecting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) in its Known Exploited Vulnerabilities (KEV) catalogue, based on evidence of active exploitation.
The vulnerabilities in question are:
CVE-2024-49035 (CVSS score: 8.7) – Improper access control vulnerability in Microsoft Partner Center that allows attackers to escalate privileges. (Fixed November 2024)
CVE-2023-34192 (CVSS score: 9.0) – Cross-site scripting (XSS) vulnerability in Synacor ZCS. (Fixed in July 2023 with version 8.8.15 Patch 40)

Last year, Microsoft acknowledged that CVE-2024-49035 was exploited in the wild, but did not reveal any additional details on how it was weaponized in real-world attacks. Currently, there are no public reports of in-the-wild abuse of CVE-2023-34192.
In light of this development, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by March 18, 2025, to secure their networks.
The development comes a day after CISA added two security flaws affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to the KEV catalogue, based on evidence of active exploitation.