CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

2025-01-08 04:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker
News URL
https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html
Related news
- Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
- Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel MiCollab - A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |