CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
嗯，用户让我总结一下这篇文章的内容，控制在100字以内。首先，我需要仔细阅读文章，理解主要信息。文章讲的是美国网络安全和基础设施安全局（CISA）新增了三个安全漏洞到他们的已知被利用漏洞目录中。这三个漏洞分别是CVE-2021-22054、CVE-2025-26399和CVE-2026-1603。每个漏洞都有详细的描述和CVSS评分。接下来，我需要确定每个漏洞的主要信息。比如，CVE-2021-22054是一个服务器端请求伪造漏洞，影响Omnissa Workspace One UEM，评分7.5。CVE-2025-26399是SolarWinds Web Help Desk中的反序列化漏洞，评分9.8，并且已经被用于初始访问攻击，可能由Warlock勒索团伙实施。第三个漏洞CVE-2026-1603是Ivanti Endpoint Manager的认证绕过问题，评分8.6，目前还没有被利用的详细报告。然后，CISA要求联邦机构在特定日期前修复这些漏洞，并强调这些漏洞是网络攻击的常见目标，对联邦企业构成重大风险。现在，我需要将这些信息浓缩到100字以内。要抓住关键点：CISA新增三个高危漏洞到目录中，涉及SolarWinds、Omnissa和Ivanti产品；其中两个已被利用；要求联邦机构在指定日期前修复；强调这些漏洞的风险。可能的结构是：开头提到CISA新增三个高危漏洞；接着分别简要描述每个漏洞及其影响；最后提到修复要求和风险。确保语言简洁明了，不使用复杂的术语。避免重复信息，比如每个漏洞的CVSS评分可以省略或合并描述。最后检查字数是否在限制内，并确保所有关键点都被涵盖。 </think> 美国网络安全机构CISA新增三个高危安全漏洞至已知被利用列表中。其中两个已被用于实际攻击：SolarWinds Web Help Desk反序列化漏洞（CVSS 9.8）被用于初始访问攻击；Omnissa Workspace One UEM SSRF漏洞（CVSS 7.5）被用于数据泄露。第三个Ivanti Endpoint Manager认证绕过漏洞暂无活跃利用报告。CISA要求联邦机构于指定日期前完成修复以应对威胁风险。 2026-3-10 06:17:0 Author: thehackernews.com(查看原文) 阅读量:8 收藏

Vulnerability / Enterprise Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability list is as follows -

CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that could allow a malicious actor with network access to UEM to send requests without authentication and to gain access to sensitive information.
CVE-2025-26399 (CVSS score: 9.8) - A deserialization of untrusted data vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that could allow an attacker to run commands on the host machine.
CVE-2026-1603 (CVSS score: 8.6) - An authentication bypass using an alternate path or channel vulnerability in Ivanti Endpoint Manager that could allow a remote unauthenticated attacker to leak specific stored credential data.

The addition of CVE-2025-26399 comes in the wake of reports from Microsoft and Huntress that threat actors are exploiting security flaws in SolarWinds Web Help Desk to obtain initial access. The activity is believed to be the work of the Warlock ransomware crew.

CVE-2021-22054, on the other hand, was flagged by GreyNoise in March 2025 as being exploited in conjunction with several other SSRF vulnerabilities in other products as part of a coordinated campaign.

There are currently no details on how CVE-2026-1603 is being weaponized in the wild. As of writing, Ivanti's security bulletin has not been updated to reflect the exploitation status.

To counter the risk posed by active threats, Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fix for SolarWinds Web Help Desk by March 12, 2026, and the remaining two by March 23, 2026.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html
如有侵权请联系:admin#unsafe.sh