CISA Issues Advisory on 2023's Top Exploited Vulnerabilities, Including Atlassian CVE-2023-22515 and Oracle CVE-2024-21287

The Cybersecurity and Infrastructure Security Agency (CISA), along with international partners including the FBI and NSA, has issued a joint advisory highlighting the top routinely exploited vulnerabilities of 2023. This advisory includes three newly identified Common Vulnerabilities and Exposures (CVEs): Atlassian CVE-2023-22515, PaperCut MF/NG CVE-2023-27350, and OwnCloud CVE-2023-49103. Additionally, CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including issues in VMware vCenter Server and Palo Alto Networks' PAN-OS. Active exploitation of these vulnerabilities has been confirmed, prompting urgent calls for organizations to apply patches. Palo Alto Networks has released critical patches for vulnerabilities in its firewall software, specifically addressing zero-day flaws that are currently being exploited. Furthermore, Oracle has warned about an actively exploited vulnerability in its Agile PLM Framework, identified as CVE-2024-21287, which can leak sensitive data without authentication.