CISA (Cybersecurity and Infrastructure Security Agency) has identified and added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, signaling ongoing exploitation of these security weaknesses.
The vulnerabilities affect a range of products, including Ruckus Wireless Products, Red Hat Polkit, Linux Kernel, Jenkins User Interface, Oracle Java SE and JRockit, and Apache Tomcat. These vulnerabilities are frequently targeted by malicious cyber actors and pose significant risks to federal enterprises and other organizations.
CISA’s Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog, a dynamic list of Common Vulnerabilities and Exposures (CVEs) that pose substantial risks to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to promptly address identified vulnerabilities to safeguard FCEB networks against active threats.
While BOD 22-01 applies specifically to FCEB agencies, CISA strongly encourages all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog as part of their vulnerability management practices.
By proactively addressing vulnerabilities, organizations can minimize their exposure to cyberattacks and enhance their overall security posture.
CISA will continue to update the Known Exploited Vulnerabilities Catalog with new vulnerabilities that meet the specified criteria, further assisting organizations in identifying and addressing potential risks.