Security News > 2025 > February > CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
2025-02-26 04:33
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control
News URL
https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html
Related news
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Ransomware criminals love CISA's KEV list – and that's a bug, not a feature (source)
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-49035 | Unspecified vulnerability in Microsoft Partner Center An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | 9.8 |