US Critical Infrastructure Security Agency (CISA) adds seven new flaws to its Known Exploited Vulnerabilities Catalog, including Microsoft, Linux, and Jenkins bugs.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The list of vulnerabilities added by CISA to the catalog includes a remote code execution issue (WSO2), privilege escalation flaws (Microsoft/Linux), and a Sandbox Bypass Vulnerability (Jenkins).

Below is the complete list of flaws added by CISA to its catalog in the latest turn:

Known Exploited Vulnerabilities Catalog

The catalog now contains 654 vulnerabilities, including the date that federal agencies must apply the associated patches and security updates.

The above issues have to be addressed by federal agencies by May 16, 2022.


[출처 : SecurityAffairs / 4.26.]