• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa alert: oracle e business suite and sugarcrm vulnerabilities under attack

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

You are here: Home / General Cyber Security News / CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
February 3, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 extra two security flaws to its Acknowledged Exploited Vulnerabilities (KEV) Catalog, citing proof of lively exploitation.

The first of the two vulnerabilities is CVE-2022-21587 (CVSS rating: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Apps Desktop Integrator merchandise.

“Oracle E-Company Suite is made up of an unspecified vulnerability that permits an unauthenticated attacker with network access by using HTTP to compromise Oracle Web Programs Desktop Integrator,” CISA reported.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The issue was addressed by Oracle as part of its Critical Patch Update produced in October 2022. Not substantially is recognised about the character of the attacks exploiting the vulnerability.

The 2nd security flaw to be additional to the KEV catalog is CVE-2023-22952 (CVSS rating: 8.8), which relates to a situation of missing enter validation in SugarCRM that could consequence in the injection of arbitrary PHP code. The bug has been mounted in SugarCRM variations 11..5 and 12..2.

The advancement will come a 7 days after CISA also additional CVE-2017-11357 (CVSS rating: 9.8), a extreme security vulnerability impacting Telerik UI that could facilitate arbitrary file uploads or distant code execution.

In mild of active exploitation makes an attempt, Federal Civilian Executive Branch (FCEB) businesses in the U.S. are necessary to utilize the patches by February 23, 2023.

Found this article exciting? Stick to us on Twitter  and LinkedIn to read through more exceptional written content we article.


Some elements of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Threat Actors Use ClickFunnels to Bypass Security Services
Next Post: New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products new high severity vulnerabilities discovered in cisco iox and f5 big ip»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.