CISA Exploits for Google, IBM, Microsoft, Oracle and more

CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog

CISA Exploits for Google, IBM, Microsoft, Oracle and more

CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Three of the vulnerabilities need to be remediated by federal civilian agencies before January 24, while the rest have remediation dates of July 10. 

CISA said the list is "based on evidence that threat actors are actively exploiting the vulnerabilities" and noted that the vulnerabilities are "a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise."

The most urgent additions include a VMware vCenter Server Improper Access Control vulnerability, a Hikvision Improper Input Validation vulnerability and a FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability.