US Cybersecurity Agency Adds Two Actively Exploited Vulnerabilities to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its catalog of known exploited vulnerabilities (KEV), due to evidence of active exploitation. The vulnerabilities in question are CVE-2017-3066, a deserialization flaw with a CVSS score of 9.8. These vulnerabilities have been identified as being actively exploited, highlighting the importance of promptly addressing them.