Fact-check: The article accurately references CISA's official activities in the Critical Infrastructure situation, with claims supported by the provided CISA Alerts source and URL, which aligns with verified reporting on vulnerability catalogs. There are no evident contradictions or unsourced elements, as CISA routinely updates and mandates remediation for such vulnerabilities. This consistency with known practices from a reliable government agency confirms its trustworthiness.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, including flaws in Sangoma FreePBX, GitLab Community and Enterprise Editions, and SolarWinds Web Help Desk. The vulnerabilities span improper authentication, SSRF, deserialization of untrusted data, and OS command injection. Federal Civilian Executive Branch agencies are required to remediate these by specified due dates, and CISA urges all organizations to prioritize patching.