Security News > 2025 > February > CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
2025-02-26 04:33
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control
News URL
https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html
Related news
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-49035 | Unspecified vulnerability in Microsoft Partner Center An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | 9.8 |