The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2023-26360, to its Known Exploited Vulnerabilities Catalog.
This type of vulnerability is frequently used by malicious cyber actors and poses a significant risk to federal enterprise systems.
The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise.
It was established under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
While BOD 22-01 is specific to FCEB agencies, CISA urges all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.
Additionally, the catalog serves as a valuable resource to identify vulnerabilities and take the necessary steps to prevent exploitation. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
In conclusion, the addition of the CVE-2023-26360 Adobe ColdFusion Improper Access Control Vulnerability to the Known Exploited Vulnerabilities Catalog serves as a reminder of the importance of vulnerability management practices.