Security News > 2022 > August > CISA adds 7 vulnerabilities to list of bugs exploited by hackers
The U.S. Cybersecurity and Infrastructure Security Agency has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities shared by CISA that are known to be actively exploited in cyberattacks and must be patched by Federal Civilian Executive Branch agencies.
"Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA. "BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats."
"Yesterday, the US Cybersecurity and Infrastructure Security Agency added a critical SAP vulnerability-CVE-2022-22536-to its Known Exploited Vulnerabilities Catalog less than one week after details were disclosed at the Black Hat by Onapsis Research Labs," explains a new warning on Onapsis' advisory.
While no information has been shared on how hackers exploited it in attacks, vulnerability researcher Hossein Lotfi discovered more details about the bug.
It is strongly recommended that all security professionals and admins review the Known Exploited Vulnerabilities Catalog and patch listed bugs within their environment.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-22536 | HTTP Request Smuggling vulnerability in SAP products SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. | 10.0 |