The Cybersecurity and Infrastructure Security Agency has expanded its Known Exploited Vulnerabilities Catalog with 10 new items that serve as frequent attack vectors for malicious cyber actors and threaten the cybersecurity of the federal enterprise.
CISA said Thursday the catalog stemmed from a binding operational directive that seeks to lower the significant risk of known exploited vulnerabilities to federal information and information systems.
Some of the new additions to the catalog are dotCMS Unrestricted Upload of File Vulnerability, Apache APISIX Authentication Bypass Vulnerability, VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability, WebRTC Heap Buffer Overflow Vulnerability and Apple Sandbox Bypass Vulnerability. The recommended action is to apply updates per vendor instructions.
Federal civilian executive branch agencies are required to remediate the vulnerabilities by the deadline to safeguard their networks. Although not required to do so, all organizations are urged by CISA to prioritize timely remediation of these vulnerabilities to reduce exposure to cyberattacks.