• 發布單位:TWCERT/CC
• 更新日期:2024-10-04
• 點閱次數:665

• 內容說明：

CISA於9/16至9/22在Known Exploited Vulnerabilities Catalog(KEV)中發布11個已遭駭客利用之漏洞。

• 影響平台：

受影響廠商與產品名稱如下：
Adobe｜Flash Player
Apache｜HugeGraph-Server
Ivanti｜Cloud Services Appliance (CSA)
Microsoft｜SQL Server
Microsoft｜Windows
Oracle｜ADF Faces
Oracle｜WebLogic Server
Progress｜WhatsUp Gold

• 處置建議：

修補說明請參考以下官方連結：
Adobe｜Flash Player
https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq
Apache｜HugeGraph-Server
https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
Ivanti｜Cloud Services Appliance (CSA)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963
Microsoft｜SQL Server
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0618
Microsoft｜Windows
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461
Oracle｜ADF Faces
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle｜WebLogic Server
https://www.oracle.com/security-alerts/cpujul2020.html
Progress｜WhatsUp Gold
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

• CVE編號：

CVE-2013-0643
CVE-2013-0648
CVE-2014-0497
CVE-2014-0502
CVE-2020-0618
CVE-2020-14644
CVE-2022-21445
CVE-2024-27348
CVE-2024-6670
CVE-2024-8963
CVE-2024-43461