The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Below is the list of vulnerabilities added to the catalog:
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
It is interesting to note that only the CVE-2022-40139 is a vulnerability publicly disclosed this year, it is an Improper Validation Vulnerability affecting Trend Micro’s Apex One platform.
CISA is giving federal agencies until October 6th to address the above vulnerabilities.
(SecurityAffairs – hacking, CISA)