Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.
VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144)
CISA identified VMware products to the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug is being exploited since December 2022.
Veeam Backup & Replication Vulnerability (CVE-2023-27532)
A vulnerability been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, which can give them access to server hosts used for backup infrastructure.