silversurfer
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog'.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities that have been observed being abused by threat actors in attacks and that Federal Civilian Executive Branch (FCEB) agencies are required to patch by a set due date.
"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA.
"BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information."
| CVE Number | CVE Title | Required Action Due Date |
|---|---|---|
| CVE-2021-32648 | October CMS Improper Authentication | 2/1/2022 |
| CVE-2021-21315 | System Information Library for node.js Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API Vulnerability | 2/1/2022 |
| CVE-2021-22991 | BIG-IP Traffic Microkernel Buffer Overflow Vulnerability | 2/1/2022 |
| CVE-2021-25296 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-25297 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-25298 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | 2/1/2022 |
| CVE-2021-40870 | Aviatrix Controller Unrestricted Upload of File Vulnerability | 2/1/2022 |
| CVE-2021-35247 | SolarWinds Serv-U Improper Input Validation Vulnerability | 02/04/2022 |
| CVE-2020-11978 | Apache Airflow Command Injection Vulnerability | 7/18/2022 |
| CVE-2020-13671 | Drupal Core Unrestricted Upload of File Vulnerability | 7/18/2022 |
| CVE-2020-13927 | Apache Airflow Experimental API Authentication Bypass Vulnerability | 7/18/2022 |
| CVE-2020-14864 | Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability | 7/18/2022 |
| CVE-2006-1547 | Apache Struts 1 ActionForm Denial of Service Vulnerability | 07/21/2022 |
| CVE-2012-0391 | Apache Struts 2 Improper Input Validation Vulnerability | 07/21/2022 |
| CVE-2018-8453 | Microsoft Windows Win32k Privilege Escalation Vulnerability | 07/21/2022 |
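The practical use of the catalog is reconciling it against what a scanner finds on your own estate and sorting the matches by how close the BOD 22-01 due date is. The script below is an added example, not code from the article or from CISA; it assumes the JSON shape CISA publishes for the catalog (a top-level `vulnerabilities` list whose entries carry `cveID`, `vulnerabilityName` and an ISO `dueDate`). The embedded feed excerpt is constructed from the seventeen entries in the table above (dates converted to ISO form), and the scan findings are constructed for illustration, including one deliberately fictitious CVE id to exercise the "not in KEV" path.

```python
"""Triage scanner findings against a KEV catalog excerpt (added example)."""
import json
from datetime import date, timedelta

# Constructed excerpt in the KEV JSON shape; ids, names and due dates come
# from the article's table. A real run would load the full feed from CISA.
KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-32648", "vulnerabilityName": "October CMS Improper Authentication", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-21315", "vulnerabilityName": "System Information Library for node.js Command Injection Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-21975", "vulnerabilityName": "Server Side Request Forgery in vRealize Operations Manager API Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-22991", "vulnerabilityName": "BIG-IP Traffic Microkernel Buffer Overflow Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-25296", "vulnerabilityName": "Nagios XI OS Command Injection Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-25297", "vulnerabilityName": "Nagios XI OS Command Injection Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-25298", "vulnerabilityName": "Nagios XI OS Command Injection Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-33766", "vulnerabilityName": "Microsoft Exchange Server Information Disclosure Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-40870", "vulnerabilityName": "Aviatrix Controller Unrestricted Upload of File Vulnerability", "dueDate": "2022-02-01"},
        {"cveID": "CVE-2021-35247", "vulnerabilityName": "SolarWinds Serv-U Improper Input Validation Vulnerability", "dueDate": "2022-02-04"},
        {"cveID": "CVE-2020-11978", "vulnerabilityName": "Apache Airflow Command Injection Vulnerability", "dueDate": "2022-07-18"},
        {"cveID": "CVE-2020-13671", "vulnerabilityName": "Drupal Core Unrestricted Upload of File Vulnerability", "dueDate": "2022-07-18"},
        {"cveID": "CVE-2020-13927", "vulnerabilityName": "Apache Airflow Experimental API Authentication Bypass Vulnerability", "dueDate": "2022-07-18"},
        {"cveID": "CVE-2020-14864", "vulnerabilityName": "Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability", "dueDate": "2022-07-18"},
        {"cveID": "CVE-2006-1547", "vulnerabilityName": "Apache Struts 1 ActionForm Denial of Service Vulnerability", "dueDate": "2022-07-21"},
        {"cveID": "CVE-2012-0391", "vulnerabilityName": "Apache Struts 2 Improper Input Validation Vulnerability", "dueDate": "2022-07-21"},
        {"cveID": "CVE-2018-8453", "vulnerabilityName": "Microsoft Windows Win32k Privilege Escalation Vulnerability", "dueDate": "2022-07-21"},
    ],
})

# Constructed scanner output as (asset, CVE id) pairs. The last id is a
# fictitious placeholder so the "not in KEV" branch is exercised.
SCAN_FINDINGS = [
    ("web-01", "CVE-2021-32648"),
    ("mon-02", "CVE-2021-25296"),
    ("ftp-01", "CVE-2021-35247"),
    ("etl-01", "CVE-2020-11978"),
    ("web-01", "CVE-2099-0001"),
]


def load_kev(feed_json):
    """Parse the feed and index entries by CVE id for constant-time lookup."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(findings, kev, today, warn_days=14):
    """Bucket findings by their KEV due date relative to `today`.

    `today` may be a date or an ISO string. Returns a dict with lists:
      overdue / due_soon / scheduled: (asset, cve, due_date, days_left)
      not_in_kev: (asset, cve)  -- still worth fixing, just not KEV-mandated
    Rows in the dated buckets are sorted by due date, then asset name.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    horizon = today + timedelta(days=warn_days)
    report = {"overdue": [], "due_soon": [], "scheduled": [], "not_in_kev": []}
    for asset, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            report["not_in_kev"].append((asset, cve))
            continue
        due = date.fromisoformat(entry["dueDate"])
        row = (asset, cve, due, (due - today).days)
        if due < today:
            report["overdue"].append(row)
        elif due <= horizon:
            report["due_soon"].append(row)
        else:
            report["scheduled"].append(row)
    for bucket in ("overdue", "due_soon", "scheduled"):
        report[bucket].sort(key=lambda r: (r[2], r[0]))
    return report


if __name__ == "__main__":
    result = triage(SCAN_FINDINGS, load_kev(KEV_FEED), today="2022-02-03")
    for bucket, rows in result.items():
        print(bucket)
        for row in rows:
            print("   ", row)
```

Run as a script it prints the four buckets for a notional run on 2 February 2022, two days after the first due date in the table; swap `KEV_FEED` for the downloaded catalog and `SCAN_FINDINGS` for real scanner output to use it operationally. The `not_in_kev` bucket is kept rather than dropped on purpose: KEV membership sets the federal deadline, but a finding outside the catalog is not thereby low priority.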