Update KEV: Wed Feb 26 00:11:27 UTC 2025

aboutcode-automation · aboutcode-automation · commit 80d458732453 · 2025-02-26T00:11:27.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,39 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.02.24",
-    "dateReleased": "2025-02-24T17:55:31.6365Z",
-    "count": 1278,
+    "catalogVersion": "2025.02.25",
+    "dateReleased": "2025-02-25T20:33:53.3676Z",
+    "count": 1280,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2023-34192",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
+            "dateAdded": "2025-02-25",
+            "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the \/h\/autoSaveDraft function.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Security_Advisories ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-34192",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-49035",
+            "vendorProject": "Microsoft",
+            "product": "Partner Center",
+            "vulnerabilityName": "Microsoft Partner Center Improper Access Control Vulnerability",
+            "dateAdded": "2025-02-25",
+            "shortDescription": "Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-49035 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-49035",
+            "cwes": [
+                "CWE-269"
+            ]
+        },
         {
             "cveID": "CVE-2024-20953",
             "vendorProject": "Oracle",
@@ -2429,7 +2459,7 @@
             "shortDescription": "Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-06-20",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/support.checkpoint.com\/results\/sk\/sk182336;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-24919",
             "cwes": [
                 "CWE-200"
@@ -13286,10 +13316,10 @@
         {
             "cveID": "CVE-2022-24682",
             "vendorProject": "Synacor",
-            "product": "Zimbra Webmail",
-            "vulnerabilityName": "Synacor Zimbra Webmail Cross-Site Scripting Vulnerability",
+            "product": "Zimbra Collaborate Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability",
             "dateAdded": "2022-02-25",
-            "shortDescription": "Synacor Zimbra webmail clients running versions 8.8.15 P29 & P30 contain a XSS vulnerability that would allow attackers to steal session cookie files.",
+            "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-03-11",
             "knownRansomwareCampaignUse": "Known",
