CISA publish the known vulnerability catalog for the FCEB agencies but CISA recommend all organization timely remediation of catalog vulnerability to reduce cyber-attack exposure. Yesterday CISA added two more vulnerability in its catalog CVE-2021-35587 and CVE-2022-4135.
CVE-2021-35587 is a vulnerability in Oracle access manager product of Oracle Fusion Middleware and affected versions are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This vulnerability allow attack unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
CVE-2022-4135 is a vulnerability in Google Chrome GPU prior to 107.0.5304.121 which allow attacker who had compromised the rendered process to potentially perform a sandbox escape via a crafted HTML page.
No comments:
Post a Comment