Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

CSO Online

Factuality

Ownership

Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

CISA is warning Adobe and Oracle customers about in-the-wild exploitation of critical vulnerabilities affecting the services of these leading enterprise software providers. The US cybersecurity watchdog added vulnerabilities in Adobe ColdFusion (CVE-2017-3066) and Oracle Agile Product Lifecycle Management (PLM) (CVE-2024-20953) to its known exploited vulnerabilities (KEV) catalog on Monday. “These type of vulnerabilities are frequent attack vect…

The Cyber Express

Factuality

Ownership

CISA Adds CVE-2017-3066 And CVE-2024-20953 To KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities, both actively being exploited in the wild. These vulnerabilities, related to Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), have been identified as security risks to federal agencies and organizations worldwide. The vulnerabilities in question are CVE-201…

Heise

Factuality

Ownership

The U.S. IT security agency CISA warns of ongoing attacks on Adobe Coldfusion and Oracle Agile PLM.

unsafe.sh

The Hacker News

View article

Reposted by

The Hacker News

Factuality

Ownership

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

美国网络安全机构CISA将Adobe ColdFusion和Oracle Agile PLM的两个高危漏洞加入已知被利用漏洞目录。这两个反序列化漏洞分别允许任意代码执行和低权限攻击者通过HTTP网络访问控制受影响系统。同时，GreyNoise报告称活跃攻击正针对已修复的Cisco设备漏洞CVE-2023-20198。