CISA Known Exploited Vulnerabilities (KEV)

CVE-2012-0391 - Apache Struts 2 Improper Input Validation Vulnerability -

Action Due Jul 21, 2022 Target Vendor : Apache

Description : The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0391

CVE-2021-21315 - System Information Library for Node.JS Command Injection -

Action Due Feb 01, 2022 Target Vendor : Npm package

Description : In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21315

CVE-2021-22991 - F5 BIG-IP Traffic Management Microkernel Buffer Overflow -

Action Due Feb 01, 2022 Target Vendor : F5

Description : The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22991

CVE-2020-14864 - Oracle Business Intelligence Enterprise Edition Path Transversal -

Action Due Jul 18, 2022 Target Vendor : Oracle

Description : Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14864

CVE-2020-13671 - Drupal core Un-restricted Upload of File -

Action Due Jul 18, 2022 Target Vendor : Drupal

Description : Improper sanitization in the extension file names is present in Drupal core.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-13671

CVE-2020-11978 - Apache Airflow Command Injection -

Action Due Jul 18, 2022 Target Vendor : Apache

Description : A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11978

CVE-2020-13927 - Apache Airflow's Experimental API Authentication Bypass -

Action Due Jul 18, 2022 Target Vendor : Apache

Description : The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-13927

CVE-2021-25296 - Nagios XI OS Command Injection -

Action Due Feb 01, 2022 Target Vendor : Nagios

Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25296

CVE-2021-25297 - Nagios XI OS Command Injection -

Action Due Feb 01, 2022 Target Vendor : Nagios

Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25297

CVE-2021-25298 - Nagios XI OS Command Injection -

Action Due Feb 01, 2022 Target Vendor : Nagios

Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25298

CVE-2021-40870 - Aviatrix Controller Unrestricted Upload of File -

Action Due Feb 01, 2022 Target Vendor : Aviatrix

Description : Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40870

CVE-2021-32648 - October CMS Improper Authentication -

Action Due Feb 01, 2022 Target Vendor : October CMS

Description : In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-32648

CVE-2021-33766 - Microsoft Exchange Server Information Disclosure -

Action Due Feb 01, 2022 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-33766

CVE-2021-21975 - VMware Server Side Request Forgery in vRealize Operations Manager API -

Action Due Feb 01, 2022 Target Vendor : VMware

Description : Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Jan 18, 2022

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21975

CVE-2019-2725 - Oracle WebLogic Server, Injection -

Action Due Jul 10, 2022 Target Vendor : Oracle

Description : Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Jan 10, 2022

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2725

CVE-2017-1000486 - Primetek Primefaces Remote Code Execution Vulnerability -

Action Due Jul 10, 2022 Target Vendor : Primetek

Description : Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-1000486

CVE-2019-7609 - Kibana Arbitrary Code Execution -

Action Due Jul 10, 2022 Target Vendor : Elastic

Description : Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7609

CVE-2019-9670 - Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference -

Action Due Jul 10, 2022 Target Vendor : Synacor

Description : Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9670

CVE-2021-27860 - FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit -

Action Due Jan 24, 2022 Target Vendor : FatPipe

Description : A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27860

CVE-2021-22017 - VMware vCenter Server Improper Access Control -

Action Due Jan 24, 2022 Target Vendor : VMware

Description : Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22017