CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Published by The Hacker News on in Hacking
Tags: cisa microsoft partner center zimbra collaboration suite cvss score known exploited vulnerabilities cev-2024-49035 improper access control cybersecurity news exploited vulnerabilities software updates vulnerability management employee education cybersecurity agency
AI Analysis

:The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The CVE-2024-49035 vulnerability carries a CVSS score of 8.7 and involves improper access control in Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS). Organizations using these services are advised to take immediate action to patch the vulnerabilities. As the cybersecurity landscape evolves, it's essential for businesses to prioritize vulnerability management, employee education, and regular software updates to prevent exploitation. Coordination with CISA and other stakeholders is also crucial in mitigating the impact of these exploits.

Key Points

  • Immediate Action Required: The presence of two security flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) highlights the importance of prompt action to patch these vulnerabilities. Organizations relying on these services must take immediate steps to remediate the issues.r
  • Cybersecurity Landscape Evolution: As new vulnerabilities emerge, it's crucial for businesses and organizations to stay vigilant and adapt their cybersecurity measures. This includes regular software updates, robust monitoring, and employee education to prevent exploitation.r
  • Coordination and Information Sharing: The involvement of CISA in cataloging these exploits underscores the need for interagency coordination and information sharing. Effective communication between stakeholders can help mitigate the spread of vulnerabilities and enhance overall cybersecurity resilience.Summary :The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The CVE-2024-49035 vulnerability carries a CVSS score of

Original Article

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

Source: The Hacker News

Share This Article

Hashtags for Sharing

Related Articles

Comments