The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting Adobe ColdFusion and Oracle Agile PLM to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –
- CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability affecting Adobe ColdFusion in the Apache BlazeDS library that allows arbitrary code execution. (Fixed in April 2017)
- CVE-2014-20953 (CVSS score: 8.8) – A deserialization vulnerability affecting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in January 2024)
There are currently no public reports describing exploitation of these vulnerabilities, although another flaw affecting Oracle Agile PLM (CVE-2024-21287, CVSS score: 7.5) came under active abuse late last year.
To mitigate the risks posed by potential attacks that weaponize these flaws, users are advised to apply the necessary updates. Federal agencies have until March 17, 2025, to secure their systems against these threats.
The development comes as threat intelligence firm GreyNoise revealed active exploitation attempts targeting CVE-2013-20198, a now-patched security flaw affecting vulnerable Cisco devices.
As many as 110 malicious IP addresses, mainly originating from Bulgaria, Brazil, and Singapore, have been linked to the malicious activity.
“In December 2024 and January 2025, two malicious IPs used CVE-2018-0171 the Salt Typhoon as reported – Note.