all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Add to bookmarks
May 3, 2023, 8:48 p.m. | /u/aptconsulting

cybersecurity www.reddit.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog, adding three security flaws due to evidence of active exploitation.

These vulnerabilities are tracked as:

* CVE-2023-1389 (TP-Link Archer AX-21 Command Injection Vulnerability) — CVSS 8.8
* CVE-2021-45046 (Apache Log4j2 Deserialization of Untrusted Data Vulnerability) — CVSS 9.0
* CVE-2023-21839 (Oracle WebLogic Server Unspecified Vulnerability) — CVSS 7.5

CVE-2023-1389 affects TP-Link Archer AX-21 routers and has been exploited by threat actors linked to the …

agency alert apache apache log4j2 catalog cisa command command injection cve cve-2021-45046 cve-2023-1389 cvss cybersecurity data deserialization exploitation exploited flaws infrastructure infrastructure security injection kev known exploited vulnerabilities link log4j2 oracle security security flaws tp-link tp-link archer untrusted vulnerabilities vulnerability

Visit resource

More from www.reddit.com / cybersecurity

Should I be learning Cybersecurity on my primary machine? 7 hours ago | www.reddit.com
accounting auditor cybersecurity free +7
QSA Says we Can't Provide Public WiFi 9 hours ago | www.reddit.com
campus can cybersecurity event +13
Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says | … 10 hours ago | www.reddit.com
bureau chinese chinese government critical +10
What is best practice to prevent man in the middle compromising emails? 12 hours ago | www.reddit.com
attack best practice caught cybersecurity +13
High School English Teacher to Cybersecurity Engineer - A How-to Guide 12 hours ago | www.reddit.com
cybersecurity engineer guide high +16
Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? 13 hours ago | www.reddit.com
article customers cybersecurity edr +17
We have Crowdstrike for our EDR. Can we use it as our primary SIEM? 14 hours ago | www.reddit.com
can cons cost crowdstrike +13
Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10) 14 hours ago | www.reddit.com
api api security authorization broken object level authorization +9
Cisco Warns of Large-Scale Brute-Force Attacks on VPNs 15 hours ago | www.reddit.com
article attacks brute brute-force +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Dir-Information Security - Cyber Analytics

@ Marriott International | Bethesda, MD, United States
View on infosec-jobs.com

Security Engineer - Security Operations

@ TravelPerk | Barcelona, Barcelona, Spain
View on infosec-jobs.com

Information Security Mgmt- Risk Assessor

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SAP CO Consultant

@ Atos | Istanbul, TR
View on infosec-jobs.com
View more jobs