{"id":1555805,"date":"2025-02-26T04:13:09","date_gmt":"2025-02-26T06:13:09","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-ajoute-des-defauts-de-microsoft-et-zimbra-au-catalogue-kev-au-milieu-de-lexploitation-active\/"},"modified":"2025-02-26T04:13:14","modified_gmt":"2025-02-26T06:13:14","slug":"cisa-ajoute-des-defauts-de-microsoft-et-zimbra-au-catalogue-kev-au-milieu-de-lexploitation-active","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-ajoute-des-defauts-de-microsoft-et-zimbra-au-catalogue-kev-au-milieu-de-lexploitation-active\/","title":{"rendered":"CISA ajoute des d\u00e9fauts de Microsoft et Zimbra au catalogue KEV au milieu de l&#8217;exploitation active"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">26 f\u00e9vrier 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 de l&#8217;entreprise<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/CISA-ajoute-des-defauts-de-Microsoft-et-Zimbra-au-catalogue.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de la cybers\u00e9curit\u00e9 et des infrastructures (CISA) <a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/02\/25\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">mis<\/a> Deux d\u00e9fauts de s\u00e9curit\u00e9 ayant un impact sur Microsoft Partner Center et Synacor Zimbra Collaboration Suite (ZCS) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">Kev<\/a>) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>Les vuln\u00e9rabilit\u00e9s en question sont les suivantes &#8211;<\/p>\n<ul>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-49035\" target=\"_blank\">CVE-2024-49035<\/a><\/strong>  (CVSS Score: 8.7) &#8211; Une vuln\u00e9rabilit\u00e9 de contr\u00f4le d&#8217;acc\u00e8s incorrect dans Microsoft Partner Center qui permet \u00e0 un attaquant de d\u00e9g\u00e9n\u00e9rer les privil\u00e8ges. (Fix\u00e9 en novembre 2024)<\/li>\n<\/ul>\n<ul>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-34192\" target=\"_blank\">CVE-2023-34192<\/a><\/strong>  (Score CVSS: 9.0) &#8211; Une vuln\u00e9rabilit\u00e9 de script de sites crois\u00e9es (XSS) dans Synacor ZCS qui permet \u00e0 un attaquant authentifi\u00e9 distant d&#8217;ex\u00e9cuter du code arbitraire via un script fabriqu\u00e9 \u00e0 la fonction \/ h \/ autosaverafre. (Fix\u00e9 dans <a rel=\"noopener nofollow\" href=\"https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Security_Advisories\" target=\"_blank\">Juillet 2023<\/a> avec la version 8.8.15 Patch 40)<\/li>\n<\/ul>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/saas-security-v2-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/1738603713_19_PYPI-introduit-le-statut-darchives-pour-alerter-les-utilisateurs-sur.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>L&#8217;ann\u00e9e derni\u00e8re, Microsoft a reconnu que le CVE-2024-49035 avait \u00e9t\u00e9 exploit\u00e9 dans la nature, mais n&#8217;a r\u00e9v\u00e9l\u00e9 aucun d\u00e9tail suppl\u00e9mentaire sur la fa\u00e7on dont il a \u00e9t\u00e9 arm\u00e9 dans des attaques r\u00e9elles. Il n&#8217;y a actuellement aucun rapport public sur les abus int\u00e9gr\u00e9s du CVE-2023-34192.<\/p>\n<p>\u00c0 la lumi\u00e8re du d\u00e9veloppement, les agences f\u00e9d\u00e9rales de direction civile (FCEB) sont mandat\u00e9es pour appliquer les mises \u00e0 jour n\u00e9cessaires d&#8217;ici le 18 mars 2025 pour s\u00e9curiser leurs r\u00e9seaux.<\/p>\n<p>Le d\u00e9veloppement survient un jour apr\u00e8s que la CISA a ajout\u00e9 deux d\u00e9fauts de s\u00e9curit\u00e9 ayant un impact sur la gestion du cycle de vie des produits Adobe Coldfusion et Oracle Agile (PLM) \u00e0 son catalogue connu vuln\u00e9rabilit\u00e9s exploit\u00e9es (KEV), sur la base de preuves d&#8217;exploitation active.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/02\/cisa-adds-microsoft-and-zimbra-flaws-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80226 f\u00e9vrier 2025\ue804Ravie LakshmananS\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 de l&#8217;entreprise L&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de la cybers\u00e9curit\u00e9 et des infrastructures (CISA) mis Deux d\u00e9fauts de s\u00e9curit\u00e9 ayant un impact sur Microsoft Partner Center et Synacor Zimbra Collaboration Suite (ZCS) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (Kev) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active. Les vuln\u00e9rabilit\u00e9s en question sont [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1555806,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9261,274266,274265,12361,12364,4805,4168,79002,274264,4161,274263,6124,37939,133,67979,14592,274267,8362,1975,4160,238617,246491,4172,79016,4166,4164,12362],"class_list":["post-1555805","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-active","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-ajoute","tag-catalogue","tag-cisa","tag-comment-pirater","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-defauts","tag-des","tag-kev","tag-lexploitation","tag-malware-ransomware","tag-microsoft","tag-milieu","tag-mises-a-jour-de-la-cybersecurite","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-zimbra"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1555805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1555805"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1555805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1555806"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1555805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1555805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1555805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}