Security News > 2025 > February > CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
2025-02-26 04:33

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control


News URL

https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2024-49035 Unspecified vulnerability in Microsoft Partner Center
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
network
low complexity
microsoft
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 394 52 1467 2974 184 4677
Zimbra 7 0 40 15 8 63