
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows:
- CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access.
- CVE-2024-55550 (CVSS score: 4.4) – A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files on the system due to insufficient input sanitization.
- CVE-2020-2883 (CVSS score: 9.8) – A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3.

It is worth noting that CVE-2024-41713 can be chained with CVE-2024-55550 to allow an unauthenticated, remote attacker to read arbitrary files on a server.
Details of the two flaws came from watchTowr Labs last month, as part of an effort to reproduce another critical issue in Mitel MiCollab (CVE-2024-35286, CVSS score: 9.8) that had been fixed in May 2024; that effort turned up the new problems instead.
As for CVE-2020-2883, Oracle warned in late April 2020 that it had "received reports of attempts to exploit a number of recently discovered vulnerabilities, including CVE-2020-2883."
There are currently no details available on how the aforementioned flaws are being exploited in real-world attacks, who is exploiting them, or the targets of these activities.
In accordance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must apply the necessary updates to secure their networks by January 28, 2025.