3 CVEs added to CISA's catalog
January 8, 2025 By Jessica Lyons
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.
Here are the three, all of which the US Cybersecurity and Infrastructure Security Agency (CISA) added to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation:
- CVE-2024-41713: Mitel MiCollab Path Traversal Vulnerability
- CVE-2024-55550: Mitel MiCollab Path Traversal Vulnerability
- CVE-2020-2883: Oracle WebLogic Server Unspecified Vulnerability
Two of the three have been fixed by the respective vendors, but security researchers have sounded warnings for months about the Mitel bugs and for years about Oracle's.