CISA Adds 13 New Vulnerabilities to Known Exploited list
CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1 and four of them have a remediation date of July 18.
The list includes an October CMS Improper Authentication, a System Information Library for node.js Command Injection vulnerability, an Oracle Corporate Business Intelligence Enterprise Edition Path Traversal vulnerability, an Apache Airflow Experimental API Authentication Bypass vulnerability, a Drupal Core Unrestricted Upload of File vulnerability, and three Nagios XI OS Command Injection vulnerabilities.
The October CMS Improper Authentication CVE-2021-32648 was allegedly used during a cyberattack on Ukrainian government systems last week. A patch was released in September 2021.
Previously, earlier last month on a wake of Christmas holidays CISA has updated the Known exploitable list.