CISA Active Exploit List – January 2022
by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency have added several items to their list of must address exploits. As these are actively being used by attackers in the wild it is recommended to resolve the issues. Below are the companies, CVE numbers, and links to the solutions for said problems. (Links open in a new tab/window.)
Company | CVE | Platform | Details |
---|---|---|---|
Apple | CVE-2022-42856 | Multiple | https://support.apple.com/en-us/HT213516 |
Citrix | CVE-2022-27518 | ADC, Gateway | https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/ |
Fortinet | CVE-2022-42475 | FortiOS | https://www.fortiguard.com/psirt/FG-IR-22-398 |
CVE-2022-4262 | Desktop | https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html | |
Microsoft | CVE-2022-44698 | Windows SmartScreen | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698 |
TIBCO | CVE-2018-18809 | JasperReports Library | https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809 |
CVE-2018-5430 | JasperReports Server | https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430 | |
Veeam | CVE-2022-26501 CVE-2022-26500 | Backup and Replication | https://www.veeam.com/kb4288 |
For a more comprehensive list of all vulnerabilities, visit cisa.gov (Opens in a new tab/window.)