Security News > 2022 > January > CISA adds 17 vulnerabilities to list of bugs exploited in attacks
This week, the Cybersecurity and Infrastructure Security Agency added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch agencies.
With the addition of these 17 vulnerabilities, the catalog now contains a total of 341 vulnerabilities and includes the date by which agencies must apply security updates to resolve the bug.
Of particular interest are the CVE-2021-32648 and CVE-2021-35247 vulnerabilities, which were disclosed this week to be actively exploited in attacks.
The new 'SolarWinds Serv-U Improper Input Validation' vulnerability tracked as CVE-2021-35247 was discovered by Microsoft to be exploited to propagate Log4j attacks to Windows domain controllers configured as LDAP servers.
While attacks using the Serv-U vulnerability ultimately failed, as Windows domain controllers are not vulnerable to Log4j exploits, CISA requires agencies to fix the vulnerability by February 4th, 2022.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.0 |
| 2021-08-26 | CVE-2021-32648 | Unspecified vulnerability in Octobercms October octobercms in a CMS platform based on the Laravel PHP Framework. | 9.1 |