Security News > 2025 > February > CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
2025-02-26 04:33
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control
News URL
https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html
Related news
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks (source)
- CISA shares guidance for Microsoft expanded logging capabilities (source)
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-49035 | Unspecified vulnerability in Microsoft Partner Center An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | 9.8 |