The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and Windows bug CVE-2023-28229 (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog.
Below are the descriptions of the two vulnerabilities:
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by October 25, 2023.
This week, CISA also added a use-after-free vulnerability in the Arm Mali GPU Kernel Driver, tracked as CVE-2023-4211, to the Catalog. CISA orders federal agencies to fix this flaw by October 24, 2023.