Threat Advisories - NVD Disclosed January 18, 2023

CVE-2023-21608

Adobe Reader Code Execution Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Adobe Acrobat and Reader could allow attackers to execute code if a user opens a malicious file. This impacts organizations by posing a risk to individual user systems if malicious documents are opened. The business risk is associated with potential unauthorized control of a user's system.

NVD published: January 18, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-47966

ManageEngine Products Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in multiple Zoho ManageEngine products allows remote code execution. This impacts affected systems, potentially leading to unauthorized access and control. Business risk includes compromise of data and operational disruption.

NVD published: January 18, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-21839

Oracle WebLogic Server: Unauthorized Data Access Risk.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access to compromise the server and gain unauthorized access to critical data. This poses a risk to organizational data confidentiality.

NVD published: January 18, 2023 • CISA KEV