CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability

Vendor: Zoho

Product: ManageEngine

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-434

CVE-2020-29583

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

Vendor: Zyxel

Product: Multiple Products

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-522