CISA has included a new vulnerability, CVE-2024-40711 related to Veeam Backup and Replication Deserialization, in its Known Exploited Vulnerabilities Catalog. This catalog, a result of Binding Operational Directive 22-01, lists Common Vulnerabilities and Exposures posing risks to federal enterprises and mandates agencies to remediate these vulnerabilities. While the directive applies to Federal Civilian Executive Branch agencies, CISA advises all organizations to promptly address catalog vulnerabilities to enhance cybersecurity
The agency will continue updating the catalog with vulnerabilities meeting defined criteria, reinforcing the importance of vulnerability management practices in mitigating cyber threats. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog