• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa alert: oracle e business suite and sugarcrm vulnerabilities under attack

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

You are here: Home / General Cyber Security News / CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
February 3, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 extra two security flaws to its Acknowledged Exploited Vulnerabilities (KEV) Catalog, citing proof of lively exploitation.

The first of the two vulnerabilities is CVE-2022-21587 (CVSS rating: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Apps Desktop Integrator merchandise.

“Oracle E-Company Suite is made up of an unspecified vulnerability that permits an unauthenticated attacker with network access by using HTTP to compromise Oracle Web Programs Desktop Integrator,” CISA reported.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The issue was addressed by Oracle as part of its Critical Patch Update produced in October 2022. Not substantially is recognised about the character of the attacks exploiting the vulnerability.

The 2nd security flaw to be additional to the KEV catalog is CVE-2023-22952 (CVSS rating: 8.8), which relates to a situation of missing enter validation in SugarCRM that could consequence in the injection of arbitrary PHP code. The bug has been mounted in SugarCRM variations 11..5 and 12..2.

The advancement will come a 7 days after CISA also additional CVE-2017-11357 (CVSS rating: 9.8), a extreme security vulnerability impacting Telerik UI that could facilitate arbitrary file uploads or distant code execution.

In mild of active exploitation makes an attempt, Federal Civilian Executive Branch (FCEB) businesses in the U.S. are necessary to utilize the patches by February 23, 2023.

Found this article exciting? Stick to us on Twitter  and LinkedIn to read through more exceptional written content we article.


Some elements of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Threat Actors Use ClickFunnels to Bypass Security Services
Next Post: New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products new high severity vulnerabilities discovered in cisco iox and f5 big ip»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.