Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog, adding three security flaws due to evidence of active exploitation.

These vulnerabilities are tracked as:

* CVE-2023-1389 (TP-Link Archer AX-21 Command Injection Vulnerability) — CVSS 8.8
* CVE-2021-45046 (Apache Log4j2 Deserialization of Untrusted Data Vulnerability) — CVSS 9.0
* CVE-2023-21839 (Oracle WebLogic Server Unspecified Vulnerability) — CVSS 7.5

CVE-2023-1389 affects TP-Link Archer AX-21 routers and has been exploited by threat actors linked to the …

agency alert apache apache log4j2 catalog cisa command command injection cve cve-2021-45046 cve-2023-1389 cvss cybersecurity data deserialization exploitation exploited flaws infrastructure infrastructure security injection kev known exploited vulnerabilities link log4j2 oracle security security flaws tp-link tp-link archer untrusted vulnerabilities vulnerability