Security News > 2025 > February > Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
2025-02-25 04:10

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting


News URL

https://thehackernews.com/2025/02/two-actively-exploited-security-flaws.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-04-27 CVE-2017-3066 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library.
network
low complexity
adobe CWE-502
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 698 245 2219 1710 367 4541
Adobe 104 49 860 1691 629 3229