The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401<\/a> (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n
According to
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by\u00a0August 5, 2024.<\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a>
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, US CISA Known Exploited Vulnerabilities catalog<\/a>)<\/strong>