Following a cyber attack on Mitel VoIP, CISA added 8 new CVEs to its Known Exploited Vulnerabilities (KEV) list on June 27th, 2022. There are now 787 CVEs on the list. Each entry comes with a recommended patch-by date, and in this blog we look at the CVEs whose patch due date falls between June 27 and July 3, 2022.
We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:
How Far Back Do They Go?
Of the 3 KEVs, 2 vulnerabilities have been around since 2016 and one since 2021.
Which Vendors Are Affected?
CVEs with a patch deadline of June 30, 2022 are associated with SAP, in particular NetWeaver.
The CVSS severity scores vary from medium to critical.
The following CWEs are associated with a number of vulnerabilities that need to be patched this week.
Table: DHS CISA KEVs
If your organization uses SAP NetWeaver, we recommend that you patch the above-listed CVEs immediately, as they are highly susceptible to attacks.
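The weekly filter described above (KEV entries whose due date falls in a given window, grouped by vendor and matched against what you run) can be scripted. This is an added example, not code from this blog or from CISA. It assumes the KEV JSON catalog layout with `cveID`, `vendorProject`, `product` and `dueDate` fields; the sample entries, placeholder CVE IDs and the inventory set are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON catalog.
# CVE IDs are placeholders, not real entries.
SAMPLE_CATALOG = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "SAP", "product": "NetWeaver", "dueDate": "2022-06-30"},
  {"cveID": "CVE-0000-0002", "vendorProject": "SAP", "product": "NetWeaver", "dueDate": "2022-06-30"},
  {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "ExampleApp", "dueDate": "2022-07-03"},
  {"cveID": "CVE-0000-0004", "vendorProject": "ExampleVendor", "product": "ExampleApp", "dueDate": "2022-07-18"},
  {"cveID": "CVE-0000-0005", "vendorProject": "ExampleVendor", "product": "ExampleApp", "dueDate": ""}
]}
""")

def due_in_window(catalog, start, end):
    """Return KEV entries whose dueDate is within [start, end], soonest first."""
    hits = []
    for entry in catalog.get("vulnerabilities", []):
        try:
            due = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError):
            continue  # missing or malformed due date: cannot be scheduled
        if start <= due <= end:
            hits.append({**entry, "due": due})
    return sorted(hits, key=lambda e: (e["due"], e["cveID"]))

def by_vendor(entries):
    """Group CVE IDs by vendor so each owning team gets one list."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["vendorProject"]].append(e["cveID"])
    return dict(grouped)

def in_inventory(entries, inventory):
    """Keep CVE IDs whose (vendor, product) pair is in the asset inventory."""
    return [e["cveID"] for e in entries
            if (e["vendorProject"].lower(), e["product"].lower()) in inventory]

if __name__ == "__main__":
    week = due_in_window(SAMPLE_CATALOG, date(2022, 6, 27), date(2022, 7, 3))
    for e in week:
        print(e["due"], e["cveID"], e["vendorProject"], e["product"])
    print(by_vendor(week))
    print(in_inventory(week, {("sap", "netweaver")}))  # hypothetical inventory
```

To run it against real data, load a downloaded copy of the catalog with `json.load` in place of `SAMPLE_CATALOG`.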
Every week, we will be providing you with the list of CVEs that need to be patched based on the CISA KEV list.
Keep watching this space for updates.