CISA Adds Critical Vulnerabilities in Yii and Commvault Command Center to Exploitable Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in the Yii framework and Commvault Command Center to its catalog of known exploitable vulnerabilities. CISA issued a warning that these vulnerabilities are being actively exploited. Federal agencies have been ordered to patch these vulnerabilities by October 24, 2023. The affected vulnerabilities include CVE-2023-4736 in Yii and CVE-2023-4368 in Commvault Command Center. These flaws can enable attacks such as remote code execution and privilege escalation.