Five recent vulnerabilities being actively exploited have been added to Known Exploited Vulnerabilities Catalog

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

Known Exploited Vulnerabilities Catalog | CISA

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Remediation Due Date
CVE-2020-11261 Qualcomm Multiple Chipsets Improper Input Validation Vulnerability 06/01/2022
CVE-2018-14847 MikroTik Router OS Directory Traversal Vulnerability 06/01/2022
CVE-2021-37415 Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability 12/15/2021
CVE-2021-40438 Apache HTTP Server-Side Request Forgery (SSRF) 12/15/2021
CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus Remote Code Execution 12/15/2021