CISA says Oracle and Mitel have critical security flaws being exploited

Posted by:
John Harrison
Fri, 10 Jan
0 Comment
Feature image

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified and added three new vulnerabilities to its Exploited Vulnerabilities Catalog (KEV). These vulnerabilities impact Mitel’s MiCollab unified communications platform and Oracle WebLogic Server. The bugs in MiCollab, tracked as CVE-2024-41713 and CVE-2024-55550, allow threat actors to gain unauthorized access and administrative privileges, potentially compromising user and network information. The third bug, CVE-2020-2883 in Oracle WebLogic Server, enables remote access to vulnerable endpoints. Federal agencies have until late January 2025 to patch these vulnerabilities to mitigate risks. CISA emphasized the importance of addressing such vulnerabilities promptly due to the significant risks they pose to the federal enterprise. Mitel’s MiCollab, a widely used platform, remains a prime target for cybercriminals, as evidenced by recent patches to fix zero-day vulnerabilities.

Tags:

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments