CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –

CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF

The Hacker News – ​Read More

Internet Archive (Archive.org) Goes Down Following “Power Outage”NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In SystemsNetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In ...