The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The list of vulnerabilities is as follows -

CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access CVE-2024-55550 (CVSS score: 4.4) - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization

CVE-2020-2883 (CVSS score: 9.8) - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3. Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by January 28, 2025, to secure their networks.

‍