Update KEV: Wed Jan 8 00:11:30 UTC 2025

aboutcode-automation · aboutcode-automation · commit 2dc48c029a72 · 2025-01-08T00:11:30.000Z
Signed-off-by: AboutCode Automation &lt;automation@aboutcode.org&gt;
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,52 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.01.03",
-    "dateReleased": "2025-01-03T20:16:50.6689Z",
-    "count": 1239,
+    "catalogVersion": "2025.01.07",
+    "dateReleased": "2025-01-07T15:00:38.3276Z",
+    "count": 1242,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2020-2883",
+            "vendorProject": "Oracle",
+            "product": "WebLogic Server",
+            "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability",
+            "dateAdded": "2025-01-07",
+            "shortDescription": "Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-01-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-2883",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2024-55550",
+            "vendorProject": "Mitel",
+            "product": "MiCollab",
+            "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
+            "dateAdded": "2025-01-07",
+            "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-01-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55550",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-41713",
+            "vendorProject": "Mitel",
+            "product": "MiCollab",
+            "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
+            "dateAdded": "2025-01-07",
+            "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-01-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41713 ",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
         {
             "cveID": "CVE-2024-3393",
             "vendorProject": "Palo Alto Networks",
