CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
EXECUTIVE SUMMARY
CISA Identifies Active Exploitation in SolarWinds, Ivanti, and Workspace One Vulnerabilities
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. These vulnerabilities affect products from SolarWinds and Ivanti, as well as Omnissa Workspace One UEM.
Key Points
- CISA added three security flaws to its KEV catalog on Monday.
- The vulnerabilities are actively exploited, indicating a high threat level.
- CVE-2021-22054 is a server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM.
- The CVSS score for CVE-2021-22054 is 7.5, indicating high severity.
- The vulnerabilities involve SolarWinds and Ivanti products and Omnissa Workspace One UEM.
Analysis
The addition of these vulnerabilities to CISA's KEV catalog underscores the critical nature of these security flaws, particularly given their active exploitation. Organizations using these products should prioritize patching and mitigation strategies to protect their systems from potential breaches.
Conclusion
IT professionals should immediately assess their systems for these vulnerabilities and apply necessary patches or mitigations. Staying informed and proactive about such vulnerabilities is crucial to maintaining robust cybersecurity defenses.