{"id":8325,"date":"2022-08-19T09:55:08","date_gmt":"2022-08-19T09:55:08","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8325"},"modified":"2023-02-17T13:29:40","modified_gmt":"2023-02-17T20:29:40","slug":"dhs-cisa-kevs-weekly-edition-15-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-15-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 15: Patch Before You Hit the Deadline"},"content":{"rendered":"

In this blog we will be taking a look at the CVEs that need to be patched by August 25, 2022. CISA added the Zimbra Collaborator vulnerability (CVE-2022-27924) to the KEV list on August 4, 2022, and has instructed organizations to patch it by August 25. This indicates that this CVE is highly exploited by threat actors and needs attention immediately. The Atlassian Confluence vulnerability (CVE-2022-26138) is also a critical CVE that needs to be patched as soon as possible. Let\u2019s look at the analysis of all the vulnerabilities below:<\/p>\n

\"\"<\/p>\n

How Far Back Do They Go?<\/h2>\n

Of the 5 KEVs, 2 vulnerabilities were discovered in 2017. The oldest vulnerability dates back to 2014.<\/p>\n

\"\"<\/p>\n

Which Vendors Are Affected?<\/h2>\n

Microsoft has the most number of vulnerabilities (3) that need to be patched by August 25, 2022. The other vulnerabilities are in Zimbra and Atlassian Confluence servers which have also been targeted recently.<\/p>\n

\"\"<\/p>\n

Severity Scores<\/h2>\n

Patching these vulnerabilities is of high priority, as most of them rank high and critical on the CVSS scoring scale.<\/p>\n

\"\"<\/p>\n

Software Weaknesses<\/h2>\n

The following CWEs have caused the 5 vulnerabilities that need to be patched this week.<\/p>\n

\"\"<\/p>\n

One CVE does not have any associated CWE.\n<\/p>\n