CISA Adds Known Exploited Vulnerabilities to Catalog - 20250115003¶
Overview¶
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
What is the vulnerability?¶
| CVE | Affected Product |
|---|---|
| CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability |
| CVE-2023-48365 | Qlik Sense HTTP Tunneling Vulnerability |
What has been observed?¶
CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties catalog.
Recommendation¶
Due to the report of active exploitation, it is strongly recommended to patch this vulnerability within 2 weeks across all affected platforms as per vendor instructions.