CISA addS three new bugs to KEV - two in Mitel’s MiCollab, and one in Oracle WebLogic Server The bugs allowed crooks to read sensitive files and take over vulnerable endpoints Federal agencies have until late January 2025 to deploy the patch The US Cybersecurity and Infrastructure Security Agency (CISA) HAS added three new flaws to its Exploited Vulnerabilities Catalog (KEV),

CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.

CVEs added to CISA's catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks.

CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.

CISA lists critical flaws in Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic (CVE-2020-2883).