- CISA announced that the agency has added three new vulnerabilities to the Known Exploited Vulnerabilities catalog.
- The vulnerabilities affect Teclib GLPI, Apache Spark, and Zoho ManageEngine, and they have CVSS scores of 9.8, 8.8, and 6.8, respectively.
- CISA warns FCEB agencies to take measures for those vulnerabilities and urges all organizations to patch their systems against them.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog and states that those vulnerabilities are being exploited. They affect Teclib GLPI, Apache Spark, and Zoho ManageEngine.
Critical, high, and medium-severity flaws
The highest-severity vulnerability is CVE-2022-35914, with a CVSS severity score of 9.8. It affects Teclib GLPI, an open-source IT and asset management software. This critical vulnerability allows attackers to execute code remotely. The first exploitation attempts for the GLPI vulnerability were seen in October last year.
The second vulnerability, tracked as CVE-2022-33891, affects Apache Spark, an analytics and data science engine. The vulnerability has a CVSS score of 8.8 and allows attackers to inject commands into the engine.
The last vulnerability, tracked as CVE-2022-28810, has a lower CVSS severity score of 6.8. It affects Zoho ManageEngine’s ADSelfService Plus and allows attackers to execute code remotely on the system.
CISA warns Federal Civilian Executive Branch (FCEB) agencies to take the necessary steps for these vulnerabilities immediately. CISA also urges all organizations to patch their systems against these vulnerabilities to reduce the risk of a hacking incident.