Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisaCISACISA:28B486B568E680DD9C27FB088FAEC3C7
HistoryDec 15, 2021 - 12:00 a.m.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

2021-12-1500:00:00
us-cert.cisa.gov
63

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number **CVE Title ** Remediation Due Date
CVE-2021-43890 Microsoft Windows AppX Installer Spoofing Vulnerability 12/29/2021
CVE-2021-4102 Google Chromium V8 Engine Use-After-Free Vulnerability 12/29/2021

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

Related

attackerkb 2
thn 4
nessus 9
hivepro 1
prion 2
cve 2
mscve 2
cisa_kev 2
mmpc 1
veracode 1
checkpoint_advisories 1
cnvd 1
ubuntucve 1
debiancve 1
kaspersky 2
avleonov 1
krebs 1
qualysblog 2
suse 4
freebsd 1
openvas 11
mageia 2
chrome 1
malwarebytes 1
threatpost 3
fedora 4
rapid7blog 1
debian 1
osv 1
gentoo 1
attackerkb
attackerkb
CVE-2021-43890
2021-12-15 00:00:00
CVE-2021-4102
2022-02-11 00:00:00
thn
thn
Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse
2022-02-08 03:37:00
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
2023-12-29 05:16:00
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 07:14:00
nessus
nessus
Microsoft App Installer Security Updates (December 2021)
2022-03-18 00:00:00
Google Chrome < 96.0.4664.110 Multiple Vulnerabilities
2021-12-13 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec)
2021-12-14 00:00:00
hivepro
hivepro
Microsoft released patch for actively exploited spoofing vulnerability
2021-12-16 11:12:29
prion
prion
Spoofing
2021-12-15 15:15:00
Design/Logic Flaw
2022-02-11 23:15:00
cve
cve
CVE-2021-43890
2021-12-15 15:15:00
CVE-2021-4102
2022-02-11 23:15:00
mscve
mscve
Windows AppX Installer Spoofing Vulnerability
2021-12-14 08:00:00
Chromium: CVE-2021-4102 Use after free in V8
2021-12-14 08:00:00
cisa_kev
cisa_kev
Microsoft Windows AppX Installer Spoofing Vulnerability
2021-12-15 00:00:00
Google Chromium V8 Use-After-Free Vulnerability
2021-12-15 00:00:00
mmpc
mmpc
Financially motivated threat actors misusing App Installer
2023-12-28 18:00:00
veracode
veracode
Use After Free
2022-01-20 06:22:11
checkpoint_advisories
checkpoint_advisories
Google Chromium V8 Engine Use-After-Free (CVE-2021-4102)
2022-01-17 00:00:00
cnvd
cnvd
Google Chrome Resource Management Error Vulnerability (CNVD-2022-16304)
2021-12-14 00:00:00
ubuntucve
ubuntucve
CVE-2021-4102
2022-02-11 00:00:00
debiancve
debiancve
CVE-2021-4102
2022-02-11 23:15:00
kaspersky
kaspersky
KLA12386 Multiple vulnerabilities in Microsoft Apps
2021-12-14 00:00:00
KLA12382 Multiple vulnerabilities in Microsoft Browser
2021-12-14 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday December 2021
2021-12-16 20:53:37
krebs
krebs
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.
2021-12-14 22:08:33
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
suse
suse
Security update for chromium (important)
2021-12-20 00:00:00
Security update for chromium (important)
2021-12-28 00:00:00
Security update for opera (important)
2022-02-21 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-12-13 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0565)
2022-01-28 00:00:00
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Dec 2021)
2021-12-15 00:00:00
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Feb 2022)
2022-02-04 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2021-12-19 15:26:08
Updated qtwebengine5 packages fix security vulnerability
2022-02-05 23:23:13
chrome
chrome
Stable Channel Update for Desktop
2021-12-13 00:00:00
malwarebytes
malwarebytes
After Log4j, December’s Patch Tuesday has snuck up on us
2021-12-16 10:47:28
threatpost
threatpost
Google Chrome Bug Actively Exploited as Zero-Day
2022-03-30 16:14:30
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35
Chrome Zero-Day Under Active Attack: Patch ASAP
2022-02-15 18:33:28
fedora
fedora
[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35
2022-01-30 01:44:13
[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34
2022-01-07 01:12:20
[SECURITY] Fedora 35 Update: chromium-96.0.4664.110-3.fc35
2022-01-29 06:39:34
rapid7blog
rapid7blog
Patch Tuesday - December 2021
2021-12-14 22:12:53
debian
debian
[SECURITY] [DSA 5046-1] chromium security update
2022-01-14 19:31:45
osv
osv
chromium - security update
2022-01-14 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2022-01-31 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for CISA:28B486B568E680DD9C27FB088FAEC3C7
attackerkb2thn4nessus9hivepro1prion2cve2mscve2cisa_kev2mmpc1veracode1checkpoint_advisories1cnvd1ubuntucve1debiancve1kaspersky2avleonov1krebs1qualysblog2suse4freebsd1openvas11mageia2chrome1malwarebytes1threatpost3fedora4rapid7blog1debian1osv1gentoo1