Here is a summary of the key points from the article regarding the recent CISA alert:
CISA (Cybersecurity and Infrastructure Security Agency) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog because there is evidence they are being actively exploited.
The vulnerabilities are:
CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Deserialization vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks, particularly to U.S. federal agencies.
Binding Operational Directive (BOD) 22-01 established this catalog, aiming to reduce significant risks from known exploited vulnerabilities. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies must remediate these issues by a specified deadline to protect federal networks.
While the directive only formally applies to federal agencies, CISA strongly urges all organizations (public and private) to address these vulnerabilities as soon as possible to reduce their risk.
The catalog is actively maintained and updated as new exploited vulnerabilities are identified.
For more information, organizations can refer to the BOD 22-01 Fact Sheet and are encouraged to integrate the remediation of cataloged vulnerabilities into their regular vulnerability management practices.
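As an added illustration of folding the catalog into routine vulnerability management (editor's example, not code from CISA or the article): the script below parses a KEV-style JSON document, matches it against a host inventory from a scanner, and ranks the hits by how far each one is from its catalog due date. The catalog excerpt and the inventory are constructed samples; the field names follow the public KEV JSON feed, but the dates, host names and the third CVE are placeholders, not CISA's actual deadlines.

```python
"""Cross-check a host inventory against a KEV-style catalog and rank by due date.

Editor's example. SAMPLE_KEV_JSON is a constructed excerpt shaped like CISA's
known_exploited_vulnerabilities.json feed; all dates below are placeholders.
"""
import json
from datetime import date

# Constructed catalog excerpt (placeholder dates, not CISA's real deadlines).
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2019-9874",
      "vendorProject": "Sitecore",
      "product": "CMS and Experience Platform (XP)",
      "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
      "dateAdded": "2024-01-10",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2024-01-31",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2019-9875",
      "vendorProject": "Sitecore",
      "product": "CMS and Experience Platform (XP)",
      "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
      "dateAdded": "2024-01-17",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2024-02-07",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed scanner output: one row per (host, CVE). The third CVE is a
# placeholder that is deliberately absent from the catalog.
SAMPLE_INVENTORY = [
    {"asset": "cms-01.corp.example", "cve": "CVE-2019-9874"},
    {"asset": "cms-02.corp.example", "cve": "cve-2019-9875"},  # case is normalised
    {"asset": "web-07.corp.example", "cve": "CVE-2021-0000"},
]


def load_kev(text):
    """Parse a KEV JSON document into {cveID: entry}; skip malformed entries."""
    doc = json.loads(text)
    return {e["cveID"].upper(): e for e in doc.get("vulnerabilities", []) if "cveID" in e}


def classify(days_left, soon_days=7):
    """Bucket a finding by remaining time against the catalog due date."""
    if days_left < 0:
        return "overdue"
    if days_left <= soon_days:
        return "due soon"
    return "scheduled"


def triage(inventory, kev, today_iso):
    """Return one finding per inventory row whose CVE is catalogued, most urgent first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for row in inventory:
        entry = kev.get(row["cve"].strip().upper())
        if entry is None:
            continue  # not in the catalog: handled by normal patch cadence, not BOD 22-01
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        findings.append({
            "asset": row["asset"],
            "cve": entry["cveID"],
            "product": f"{entry.get('vendorProject', '')} {entry.get('product', '')}".strip(),
            "due": entry["dueDate"],
            "days_left": days_left,
            "status": classify(days_left),
            "required_action": entry.get("requiredAction", ""),
        })
    findings.sort(key=lambda f: (f["days_left"], f["cve"], f["asset"]))
    return findings


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for f in triage(SAMPLE_INVENTORY, catalog, "2024-02-05"):
        print(f"{f['status']:9} {f['cve']}  {f['asset']}  due {f['due']} ({f['days_left']:+d}d)")
```

In practice the catalog text comes from a scheduled download of the KEV feed and the inventory from whatever scanner or CMDB the organisation already runs; the useful property is that any catalogued CVE gets a hard date attached rather than a severity score alone.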