CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theÂBOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Police Swoop on €645m Cannabis Investment Fraud Gang

April 15, 2024 0 Comments 0 tags

Nine arrests and millions of euros seized in bid to bust JuicyFields investment scammers

Read More

Infostealers Prevalent in Retail Sector Cybercrime Trends

April 3, 2024 0 Comments 0 tags

The findings from Netskope also show a shift in the retail sector’s use of cloud applications

Read More

Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

April 16, 2024 0 Comments 0 tags

Malicious bots now represent a third of all internet traffic, says Imperva

Read More