The Cybersecurity and Infrastructure Security Agency (CISA) has identified a new vulnerability, CVE-2022-27926, in Zimbra Collaboration (ZCS) that allows cross-site scripting (XSS) attacks.
Such vulnerabilities are frequently used by cybercriminals to exploit systems and pose significant risks to organizations.
The Known Exploited Vulnerabilities Catalog, established by Binding Operational Directive (BOD) 22-01, is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise.
BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
While BOD 22-01 only applies to FCEB agencies, CISA strongly recommends all organizations prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.
Organizations can view newly added vulnerabilities in the catalog by clicking on the arrow in the “Date Added to Catalog” column. CISA will continue to add vulnerabilities that meet the specified criteria to the catalog, which can help organizations identify potential security risks and prioritize remediation efforts.
As cyberattacks continue to increase in frequency and sophistication, it is critical that organizations take proactive measures to secure their systems and data against threats.