The Cybersecurity and Infrastructure Security Agency has added to its catalog two known exploited cyber vulnerabilities that pose serious risks to federal agencies.
Federal civilian executive branch agencies are ordered to address the newly identified vulnerabilities by January 19 to protect their networks against active cyberthreats, in compliance with Binding Operational Directive 22-01, CISA said Thursday.
Vulnerabilities discovered include an information disclosure vulnerability in the TIBCO JasperReports Server as well as a directory traversal vulnerability in the TIBCO JasperReports Library.
While BOD 22-01 is only applicable to federal agencies, CISA suggests that all organizations correct these vulnerabilities in a timely manner.