CISA Adds One Known Exploited Vulnerability to Catalog

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2023-22527, to its Known Exploited Vulnerabilities Catalog. This vulnerability, Atlassian Confluence Data Center and Server Template Injection Vulnerability, is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. While BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate identified vulnerabilities by the due date, CISA strongly urges all organizations to prioritize timely remediation of these vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.