The U.S. CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
The list of vulnerabilities added by CISA to the catalog includes a remote code execution issue (WSO2), privilege escalation flaws in Microsoft/Linux, and a Sandbox Bypass Vulnerability (Jenkins).
Below is the complete list of flaws added by CISA to its catalog in the latest turn:
The catalog now contains 654 vulnerabilities, including the date that federal agencies must apply the associated patches and security updates.The above issues have to be addressed by federal agencies by May 16, 2022.