{"id":8357,"date":"2022-07-01T10:48:06","date_gmt":"2022-07-01T10:48:06","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8357"},"modified":"2023-02-17T13:24:31","modified_gmt":"2023-02-17T20:24:31","slug":"dhs-cisa-kevs-weekly-edition-9-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-9-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 9: Patch Before you Hit the Deadline"},"content":{"rendered":"

Following a cyber attack on MITEL VOIP, the CISA added 8 new CVEs too their KEVs list on June 27th 2022. There are now 787 CVEs on the list. They come recommended with a patch-by date and in this blog we will be taking a look at the CVEs with patch due date falling between (June 27 to July 3, 2022).<\/p>\n

We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found that –<\/p>\n

\"\"<\/p>\n

How Far Back Do They Go?<\/h2>\n

Of the 3 KEVs, 2 vulnerabilities have been around since 2016 and one since 2021.<\/p>\n

\"\"<\/p>\n

Which Vendors Are Affected?<\/h2>\n

CVEs with a patch deadline of June 30, 2022 are associated with SAP and in particular, the Netweaver.<\/p>\n

\"\"<\/p>\n

Severity Scores<\/h2>\n

The CVSS severity scores vary from medium to critical.<\/p>\n

\"\"<\/p>\n

Software Weaknesses<\/h2>\n

The following CWEs are associated with a number of vulnerabilities that need to be patched this week.<\/p>\n

\"\"
\n