On February 2, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation, added two security weaknesses to its Known Exploited Vulnerabilities (KEV) Catalog.
The first of the two flaws is CVE-2022-21587 (CVSS score: 9.8), a serious problem affecting Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.11.
An unauthenticated attacker with network access via HTTP could compromise Oracle Web Applications Desktop Integrator by using a vulnerability in the Oracle E-Business Suite, according to CISA read the complete article Oracle E Business Suite and SugarCRM Vulnerabilities Under Attack.
You can protect your business and yourself by keeping up with the latest cybersecurity news and articles with the help of reconbee.com.