CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Summary: CISA has added two significant vulnerabilities affecting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. One is a privilege escalation flaw in Microsoft Partner Center, and the other is a cross-site scripting vulnerability in ZCS. Federal agencies are required to apply updates by March 18, 2025, to mitigate these threats.

Affected: Microsoft Partner Center, Synacor Zimbra Collaboration Suite (ZCS)

Key points:

  • CVE-2024-49035: A privilege escalation vulnerability in Microsoft Partner Center with a CVSS score of 8.7; patched in November 2024.
  • CVE-2023-34192: A cross-site scripting vulnerability in Synacor ZCS with a CVSS score of 9.0; fixed in July 2023 with version 8.8.15 Patch 40.
  • Federal Civilian Executive Branch agencies must apply necessary updates by March 18, 2025, to protect their networks.
  • Microsoft acknowledged last year that CVE-2024-49035 had been exploited in the wild, while there are no public reports of exploitation for CVE-2023-34192.

Source: https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html
