{"id":16417,"date":"2023-02-25T09:26:24","date_gmt":"2023-02-25T16:26:24","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=16417"},"modified":"2023-03-16T09:53:24","modified_gmt":"2023-03-16T16:53:24","slug":"dhs-cisa-kevs-weekly-edition-27-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-27-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 27: Patch Before You Hit the Deadline"},"content":{"rendered":"
The US Cybersecurity and Infrastructure Security Agency (CISA) has been closely following threat actors, new variants, and the vulnerabilities that are being exploited in the wild. Based on these, CISA added 18 vulnerabilities in the first two months of 2023.\u00a0 In this blog, we will take a look at the vulnerabilities that CISA requires federal agencies to patch by February 28, 2023. From our analysis, we have found:<\/p>\n
All 7 vulnerabilities are weaponized and have been exploited in the wild.<\/p>\n<\/li>\n
CVE-2023-21674<\/a>\u00a0and\u00a0CVE-2022-41080<\/a>\u00a0are Microsoft privilege escalation vulnerabilities. Attackers chain CVE-2022-41080 with the ProxyNotShell vulnerability CVE-2022-41082 to achieve privilege escalation through Outlook Web Access (OWA).<\/p>\n<\/li>\n
CVE-2022-21587<\/a>\u00a0is a vulnerability in Oracle Business Suite that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.<\/p>\n<\/li>\n
CVE-2022-47966<\/a>\u00a0affects multiple Zoho ManageEngine products. It is an unauthenticated remote code execution vulnerability caused by the use of an outdated third-party dependency, Apache Santuario.<\/p>\n<\/li>\n
CVE-2017-11357<\/a>\u00a0is a vulnerability in Telerik RadAsyncUpload that, if exploited, can result in file uploads in a limited location and\/or remote code execution.<\/p>\n<\/li>\n
Multiple SugarCRM products contain a remote code execution vulnerability,\u00a0CVE-2023-22952<\/a>,\u00a0in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.<\/p>\n<\/li>\n