CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
Nov 17, 2023
Patch Management / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.

The vulnerabilities are as follows:

CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability

CVE-2023-1671 (CVSS score: 9.8) - Sophos Web Appliance Command Injection Vulnerability

CVE-2020-2551 (CVSS score: 9.8) - Oracle Fusion Middleware Unspecified Vulnerability

CVE-2023-1671 relates to a critical pre-auth command injection vulnerability that allows for the execution of arbitrary code. CVE-2020-2551 is a flaw in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server.

There are currently no public reports documenting in-the-wild attacks leveraging CVE-2023-1671, but Cybernews disclosed in July ...