Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

2023-05-02 05:35

The U.S. Cybersecurity and Infrastructure Security Agency has added three flaws to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.

The second flaw to be added to the KEV catalog is CVE-2021-45046, a remote code execution affecting the Apache Log4j2 logging library that came to light in December 2021.

Completing the list is a high-severity bug in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 that could allow unauthorized access to sensitive data.

"Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server," CISA said.

While there exists proof-of-concept exploits for the flaw, there do not appear to be any public reports of malicious exploitation.

Of the 42 vulnerabilities, an overwhelming majority are related to exploitation by Mirai-like botnets, followed by ransomware gangs and other threat actors.

News URL

https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html

#apache #exploitation #oracle #vulnerabilities #CVE-2021-45046

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-14	CVE-2021-45046	Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel cvat siemens debian sonicwall fedoraproject CWE-917 critical	9.0

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Oracle	973	1149	6156	1150	737	9192
Apache	305	59	859	659	313	1890
TP Link	430	16	97	106	115	334