On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. The three vulnerabilities related to Adobe, SolarWinds, and VMWare products are:

• CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
• CVE-2024-28995 SolarWinds Serv-U Path Traversal Vulnerability
• CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

These vulnerabilities are being actively exploited by threat actors and mitigation efforts are outlined in the Alert.