3Corns - CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation.
CVE-2024-21182 Oracle WebLogic Server Vulnerability
Vulnerabilities of this nature are commonly targeted by threat actors and can present serious security risks to federal systems and networks.
Under Binding Operational Directive (BOD) 22-01, which was established to reduce the risks posed by actively exploited vulnerabilities, the KEV Catalog serves as an evolving list of Common Vulnerabilities and Exposures (CVEs) that pose significant threats to the federal enterprise. The directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate listed vulnerabilities by specified deadlines to help safeguard federal networks from ongoing cyber threats. Additional details are available in the BOD 22-01 Fact Sheet.
While compliance with BOD 22-01 is mandatory only for FCEB agencies, CISA strongly recommends that all organizations prioritize the prompt remediation of vulnerabilities included in the KEV Catalog as part of their vulnerability management programs. CISA will continue updating the catalog with vulnerabilities that meet its inclusion criteria.
