CISA known exploited database update #712

Merged
merged 1 commit into from
Jul 23, 2023

4 changes: 4 additions & 0 deletions config/known_exploited_vulnerabilities.csv
Expand Up @@ -972,3 +972,7 @@
"CVE-2022-31199","Netwrix","Auditor","Netwrix Auditor Insecure Object Deserialization Vulnerability","2023-07-11","Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.","Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.","2023-08-01","Patch application requires login to customer portal: https://security.netwrix.com/Account/SignIn?ReturnUrl=%2FAdvisories%2FADV-2022-003"
"CVE-2022-29303","SolarView","Compact","SolarView Compact Command Injection Vulnerability","2023-07-13","SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.","Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.","2023-08-03","https://jvn.jp/en/vu/JVNVU92327282/"
"CVE-2023-37450","Apple","Multiple Products","Apple Multiple Products WebKit Code Execution Vulnerability","2023-07-13","Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.","Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.","2023-08-03","https://support.apple.com/en-us/HT213823"
"CVE-2023-36884","Microsoft","Office and Windows","Microsoft Office and Windows HTML Remote Code Execution Vulnerability","2023-07-17","Microsoft Office and Windows contain an unspecified vulnerability that allows an attacker to perform remote code execution via a specially crafted Microsoft Office document.","Follow ""CVE-2023-36884 Specific Recommendations"" per vendor instructions. [https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/]","2023-08-07","Required actions will be modified if and when the vendor releases as an update addressing the vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884"
"CVE-2023-3519","Citrix","NetScaler ADC and NetScaler Gateway","Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability","2023-07-19","Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-08-09","https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
"CVE-2023-29298","Adobe","ColdFusion","Adobe ColdFusion Improper Access Control Vulnerability","2023-07-20","Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-08-10","https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html"
"CVE-2023-38205","Adobe","ColdFusion","Adobe ColdFusion Improper Access Control Vulnerability","2023-07-20","Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-08-10","https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html"
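Review bot: The CVE-2023-36884 row relies on CSV quote escaping in its required-action field (""CVE-2023-36884 Specific Recommendations"") and also embeds a bracketed URL there, while other rows in this hunk carry commas inside descriptions and a literal backslash (NT AUTHORITY\SYSTEM). Anything that reads config/known_exploited_vulnerabilities.csv therefore needs a quote-aware CSV parser that treats the backslash as a plain character, not a comma split; a CI check that every row parses to exactly nine fields would catch a malformed row before merge. Also, the CVE-2023-29298 and CVE-2023-38205 rows are identical except for the CVE ID and the advisory URL (apsb23-40 vs apsb23-47), so any consumer that keys or de-duplicates on vulnerability name instead of CVE ID would collapse them into one entry.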