{"id":1554560,"date":"2025-02-25T07:47:23","date_gmt":"2025-02-25T09:47:23","guid":{"rendered":"https:\/\/teknomers.com\/fr\/deux-defauts-de-securite-activement-exploites-dans-adobe-et-oracle-products-signales-par-cisa\/"},"modified":"2025-02-25T07:47:27","modified_gmt":"2025-02-25T09:47:27","slug":"deux-defauts-de-securite-activement-exploites-dans-adobe-et-oracle-products-signales-par-cisa","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/deux-defauts-de-securite-activement-exploites-dans-adobe-et-oracle-products-signales-par-cisa\/","title":{"rendered":"Deux d\u00e9fauts de s\u00e9curit\u00e9 activement exploit\u00e9s dans Adobe et Oracle Products signal\u00e9s par CISA"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">25 f\u00e9vrier 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/Deux-defauts-de-securite-activement-exploites-dans-Adobe-et-Oracle.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) a <a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/02\/24\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">ajout\u00e9<\/a> Deux d\u00e9fauts de s\u00e9curit\u00e9 ayant un impact sur Adobe Coldfusion et Oracle Agile Product Lifecycle Management (PLM) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">Kev<\/a>) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>Les vuln\u00e9rabilit\u00e9s en question sont \u00e9num\u00e9r\u00e9es ci-dessous &#8211;<\/p>\n<ul>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2017-3066\" target=\"_blank\">CVE-2017-3066<\/a><\/strong>  (Score CVSS: 9.8) &#8211; Une vuln\u00e9rabilit\u00e9 de d\u00e9s\u00e9rialisation impactant Adobe Coldfusion dans la biblioth\u00e8que Apache Blazeds qui permet une ex\u00e9cution de code arbitraire. (Fix\u00e9 dans <a rel=\"noopener nofollow\" href=\"https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb17-14.html\" target=\"_blank\">Avril 2017<\/a>)<\/li>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-20953\" target=\"_blank\">CVE-2024-20953<\/a><\/strong>  (CVSS Score: 8.8) &#8211; Une vuln\u00e9rabilit\u00e9 de d\u00e9s\u00e9rialisation impactant Oracle Agile PLM qui permet \u00e0 un attaquant \u00e0 faible privil\u00e9gi\u00e9 avec un acc\u00e8s au r\u00e9seau via HTTP pour compromettre le syst\u00e8me. (Fix\u00e9 dans <a rel=\"noopener nofollow\" href=\"https:\/\/www.oracle.com\/security-alerts\/cpujan2024.html\" target=\"_blank\">Janvier 2024<\/a>)<\/li>\n<\/ul>\n<p>Il n&#8217;y a actuellement aucun rapport public faisant r\u00e9f\u00e9rence \u00e0 l&#8217;exploitation des vuln\u00e9rabilit\u00e9s, bien qu&#8217;un autre d\u00e9faut impactant Oracle Agile PLM (CVE-2024-21287, score CVSS: 7,5) a subi des abus actifs \u00e0 la fin de l&#8217;ann\u00e9e derni\u00e8re.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/encrypted-attacks-report-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/Meta-confirme-lattaque-de-logiciels-spyware-zero-clique.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Pour att\u00e9nuer les risques pos\u00e9s par des attaques potentielles arminant ces d\u00e9fauts, il est recommand\u00e9 que les utilisateurs prennent des mesures pour appliquer les mises \u00e0 jour n\u00e9cessaires. Les agences f\u00e9d\u00e9rales ont le temps jusqu&#8217;au 17 mars 2025 pour garantir leurs r\u00e9seaux contre les menaces.<\/p>\n<p>Le d\u00e9veloppement intervient alors que la soci\u00e9t\u00e9 de renseignement sur les menaces Greynoise a r\u00e9v\u00e9l\u00e9 des tentatives d&#8217;exploitation actives ciblant le CVE-2023-20198, une faille de s\u00e9curit\u00e9 maintenant r\u00e9gl\u00e9e affectant les appareils Cisco vuln\u00e9rables.<\/p>\n<p>Jusqu&#8217;\u00e0 110 IP malveillants, principalement provenant de la Bulgarie, du Br\u00e9sil et de Singapour, ont \u00e9t\u00e9 li\u00e9s \u00e0 l&#8217;activit\u00e9 malveillante.<\/p>\n<p>&#8220;Deux IP malveillants ont exploit\u00e9 CVE-2018-0171 en d\u00e9cembre 2024 et janvier 2025, provenant de Suisse et des \u00c9tats-Unis &#8211; la m\u00eame p\u00e9riode o\u00f9 le typhon de sel, un groupe de menaces parrain\u00e9 par l&#8217;\u00c9tat chinois, aurait viol\u00e9 des r\u00e9seaux de t\u00e9l\u00e9communications \u00e0 l&#8217;aide de CVE-2010-20198 CVE-20198 CVE-20198 CVE-2023-20198 et CVE-2023-20273, &#8220;L&#8217;\u00e9quipe de recherche Greynoise <a rel=\"noopener nofollow\" href=\"https:\/\/www.greynoise.io\/blog\/greynoise-observes-active-exploitation-of-cisco-vulnerabilities-tied-to-salt-typhoon-attacks\" target=\"_blank\">dit<\/a>.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/02\/two-actively-exploited-security-flaws.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80225 f\u00e9vrier 2025\ue804Ravie LakshmananS\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 du r\u00e9seau L&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) a ajout\u00e9 Deux d\u00e9fauts de s\u00e9curit\u00e9 ayant un impact sur Adobe Coldfusion et Oracle Agile Product Lifecycle Management (PLM) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (Kev) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active. Les vuln\u00e9rabilit\u00e9s en question sont \u00e9num\u00e9r\u00e9es [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1554561,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,274266,274265,21965,4805,4168,79002,274264,4161,274263,6124,429,37939,245,29739,274267,4160,82197,164,17717,1835,238617,246491,4172,14863,79016,4166,4164],"class_list":["post-1554560","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-adobe","tag-cisa","tag-comment-pirater","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-dans","tag-defauts","tag-deux","tag-exploites","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-oracle","tag-par","tag-products","tag-securite","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-signales","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1554560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1554560"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1554560\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1554561"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1554560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1554560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1554560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}