The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n
The issue, tracked as CVE-2017-3506<\/a> (CVSS score 7.4), is an OS command injection.<\/p>\n\n\n\n
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by June 24, 2024.<\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a>
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Known Exploited Vulnerabilities catalog<\/a>)<\/strong>