Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Oracle | BI Publisher (Formerly XML Publisher)

CVE-2019-2616

Oracle BI Publisher Unauthorized Access Vulnerability: Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Oracle | Java SE

CVE-2015-2590

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability: An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2015-4902

Oracle Java SE Integrity Check Vulnerability: Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2012-4681

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2012-1723

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | Java SE

CVE-2012-0507

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Apache | Tomcat

CVE-2020-1938

Apache Tomcat Improper Privilege Management Vulnerability: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Oracle | Java SE JDK and JRE

CVE-2011-3544

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Oracle | VirtualBox

CVE-2008-3431

Oracle VirtualBox Insufficient Input Validation Vulnerability: An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Apache | Struts 1

CVE-2017-9791

Apache Struts 1 Improper Input Validation Vulnerability: The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Oracle | WebLogic Server

CVE-2017-10271

Oracle Corporation WebLogic Server Remote Code Execution Vulnerability: Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apache | ActiveMQ

CVE-2016-3088

Apache ActiveMQ Improper Input Validation Vulnerability: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apache | Struts 2

CVE-2012-0391

Apache Struts 2 Improper Input Validation Vulnerability: The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Apache | Struts 1

CVE-2006-1547

Apache Struts 1 ActionForm Denial-of-Service Vulnerability: ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Apache | Airflow's Experimental API

CVE-2020-13927

Apache Airflow's Experimental API Authentication Bypass: The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

Related CWEs: CWE-1188| CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-07-18

Additional Notes

Oracle | Intelligence Enterprise Edition

CVE-2020-14864

Oracle Business Intelligence Enterprise Edition Path Transversal: Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-07-18

Additional Notes

Apache | Airflow

CVE-2020-11978

Apache Airflow Command Injection: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-07-18

Additional Notes

Oracle | WebLogic Server

CVE-2019-2725

Oracle WebLogic Server, Injection: Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Related CWE: CWE-74

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-07-10

Additional Notes

Apache | Solr

CVE-2019-0193

Apache Solr DataImportHandler Code Injection Vulnerability: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Apache | Log4j2

CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Related CWEs: CWE-20| CWE-400| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates