CISA Active Exploit List – February Update
by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency (CISA) has added several items to its list of must-address exploits. Because attackers are actively using these in the wild, resolve the issues as soon as possible. Below are the companies, CVE numbers, and links to solutions for each problem.
| Company | CVE | Platform | Details |
|---|---|---|---|
| CWP | CVE-2022-44877 | Control Web Panel | https://control-webpanel.com/changelog#1669855527714-450fb335-6194 |
| Microsoft | CVE-2023-21674 | Windows | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674 |
| Microsoft | CVE-2022-41080 | Exchange Server | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080 |
| Oracle | CVE-2023-21587 | E-Business Suite | https://www.oracle.com/security-alerts/cpuoct2022.html |
| SugarCRM | CVE-2023-22952 | Multiple Products | https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/ |
| Telerik | CVE-2017-11357 | UI for ASP.NET AJAX | https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference |
| Zoho | CVE-2022-47966 | ManageEngine | https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html |
For a more comprehensive list of all vulnerabilities, visit cisa.gov.
