
DHS CISA KEVs Weekly Edition 9: Patch Before you Hit the Deadline

Posted on Jul 1, 2022 | By Supriya Aluri

Following a cyber attack on Mitel VoIP, CISA added 8 new CVEs to its KEV list on June 27, 2022. There are now 787 CVEs on the list. Each comes with a recommended patch-by date, and in this blog we look at the CVEs whose patch due date falls between June 27 and July 3, 2022.

We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:

How Far Back Do They Go?

Of the 3 KEVs, 2 vulnerabilities have been around since 2016 and one since 2021. 

Which Vendors Are Affected?

CVEs with a patch deadline of June 30, 2022 are associated with SAP, in particular NetWeaver.

Severity Scores

The CVSS severity scores vary from medium to critical.

Software Weaknesses

The following CWEs are associated with a number of vulnerabilities that need to be patched this week.


 

Table: DHS CISA KEVs

 

If your organization uses SAP NetWeaver, we recommend that you immediately patch the CVEs listed above, as they are highly susceptible to attacks.
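The same weekly cut (due-date window, vendor, CVE age) can be produced against your own asset inventory. The script below is an added example, not code from the original post. It assumes the field names of CISA's public KEV JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`); the sample entries, vendor names, placeholder CVE IDs and function names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import date

# Constructed sample in the KEV feed's field layout; CVE IDs are placeholders.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2016-EXAMPLE1", "vendorProject": "ExampleVendorA", "product": "ExampleAppServer", "dueDate": "2022-06-30"},
 {"cveID": "CVE-2016-EXAMPLE2", "vendorProject": "ExampleVendorA", "product": "ExampleAppServer", "dueDate": "2022-06-30"},
 {"cveID": "CVE-2021-EXAMPLE3", "vendorProject": "ExampleVendorB", "product": "ExamplePhone", "dueDate": "2022-07-01"},
 {"cveID": "CVE-2022-EXAMPLE4", "vendorProject": "ExampleVendorB", "product": "ExamplePhone", "dueDate": "2022-07-18"},
 {"cveID": "CVE-2019-EXAMPLE5", "vendorProject": "ExampleVendorC", "product": "ExampleVPN", "dueDate": "not-a-date"}
]}
""")

def due_in_window(catalog, start, end, today):
    """Return KEV entries whose dueDate falls in [start, end], soonest first."""
    hits = []
    for v in catalog.get("vulnerabilities", []):
        try:
            due = date.fromisoformat(v["dueDate"])
            year = int(v["cveID"].split("-")[1])
        except (KeyError, ValueError, IndexError):
            continue  # skip entries with missing or malformed fields
        if start <= due <= end:
            hits.append({
                "cve": v["cveID"],
                "vendor": v.get("vendorProject", "unknown"),
                "product": v.get("product", "unknown"),
                "due": due,
                "days_left": (due - today).days,  # negative means overdue
                "cve_year": year,
            })
    return sorted(hits, key=lambda h: (h["due"], h["cve"]))

def summarize(hits, inventory):
    """Count by vendor and CVE year; list CVEs matching deployed products."""
    return {
        "by_vendor": dict(Counter(h["vendor"] for h in hits)),
        "by_year": dict(Counter(h["cve_year"] for h in hits)),
        "in_inventory": [h["cve"] for h in hits
                         if (h["vendor"].lower(), h["product"].lower()) in inventory],
    }

if __name__ == "__main__":
    hits = due_in_window(SAMPLE_KEV, date(2022, 6, 27), date(2022, 7, 3), date(2022, 6, 28))
    for h in hits:
        print(h["cve"], h["vendor"], h["product"], h["due"], h["days_left"])
    print(summarize(hits, {("examplevendora", "exampleappserver")}))
```

To run it on live data, load the downloaded KEV JSON file in place of `SAMPLE_KEV` and build `inventory` from your asset database as lowercase `(vendor, product)` pairs.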

Every week, we will be providing you with the list of CVEs that need to be patched based on the CISA KEV list. 

Keep watching this space for updates.
