CISA warns of critical Oracle, Mitel flaws exploited in attacks

Summary: CISA has alerted U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are currently being exploited in attacks. The agency has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, emphasizing the urgent need for remediation.

Threat Actor: Unknown
Victim: U.S. federal agencies

Key Points:

  • CISA has identified three critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited.
  • The vulnerabilities include a critical path traversal flaw in Mitel’s MiCollab, allowing unauthorized administrative actions without authentication.
  • Federal agencies must secure their networks by January 28, as mandated by the Binding Operational Directive (BOD) 22-01.
  • All organizations are advised to prioritize mitigating these vulnerabilities to prevent ongoing attacks.

Source: https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-oracle-mitel-flaws-exploited-in-attacks/