Mitel and Oracle Systems Flaws Under Active Exploitation, CISA Warns

Written by:
Lore Apostol
Cybersecurity & Streaming Writer

Three new vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server were flagged as being under active exploitation: CVE-2024-41713 (CVSS score: 9.1), CVE-2024-55550 (CVSS score: 4.4), and CVE-2020-2883 (CVSS score: 9.8).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added these to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday.

CVE-2024-41713 is a critical path traversal vulnerability in Mitel MiCollab that could allow a remote, unauthenticated attacker to gain unauthorized access, while CVE-2024-55550 is a path traversal vulnerability in Mitel MiCollab affecting authenticated administrators, enabling them to read local files on the system because user input is not sanitized.

These two CVEs can be chained to enable unauthenticated, remote attackers to read arbitrary files on compromised servers, amplifying the risks associated with these vulnerabilities. 

CVE-2020-2883 is a vulnerability in Oracle WebLogic Server that can be exploited by an unauthenticated attacker with network access via IIOP or T3 protocols.

WatchTowr Labs first reported on these issues last month as part of their research associated with another critical Mitel MiCollab bug (CVE-2024-35286, CVSS score 9.8), which Mitel patched in May 2024.

Regarding the Oracle WebLogic Server security vulnerability, Oracle issued warnings as early as April 2020 about malicious attempts to exploit CVE-2020-2883—shortly after its patch release. Because the flaw is reachable over IIOP and T3 by anyone with network access to the server, it offers cybercriminals a broad attack surface, with potentially severe consequences for unpatched systems.

Under Binding Operational Directive 22-01, Federal Civilian Executive Branch (FCEB) agencies must apply patches for these vulnerabilities by January 28, 2025, to mitigate risk and protect against potential attacks. 
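As an added example (not from the article, CISA or either vendor), the BOD 22-01 triage described above run against a constructed feed in the shape of the KEV catalog JSON and a constructed asset inventory; the KEV field names are the real feed's, while the dateAdded values, hostnames and the placeholder fourth entry are assumptions:

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The field names are the
# real ones; CVE ids and the 2025-01-28 due date come from the article, the
# dateAdded values are assumed, and the last entry is a placeholder for an
# unrelated product that should be filtered out.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-41713", "vendorProject": "Mitel", "product": "MiCollab",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2024-55550", "vendorProject": "Mitel", "product": "MiCollab",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2020-2883", "vendorProject": "Oracle", "product": "WebLogic Server",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
]})

# Constructed asset inventory: which KEV-listed products we run, and which CVEs
# each host already has the vendor fix applied for.
SAMPLE_INVENTORY = [
    {"host": "uc-01", "vendor": "Mitel", "product": "MiCollab", "patched": {"CVE-2024-55550"}},
    {"host": "app-07", "vendor": "Oracle", "product": "WebLogic Server", "patched": set()},
]


def triage_kev(kev_json, inventory, today_iso):
    """One finding per (host, matching KEV entry); status is patched/open/overdue."""
    today = date.fromisoformat(today_iso)
    catalog = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        for entry in catalog:
            # Match vendor and product case-insensitively; skip everything else.
            if (entry["vendorProject"].lower(), entry["product"].lower()) != (
                    asset["vendor"].lower(), asset["product"].lower()):
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            if entry["cveID"] in asset["patched"]:
                status = "patched"
            else:
                status = "overdue" if days_left < 0 else "open"
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "due": entry["dueDate"], "days_left": days_left,
                             "status": status})
    # Unpatched items first, soonest (or most overdue) deadline first.
    findings.sort(key=lambda f: (f["status"] == "patched", f["days_left"]))
    return findings


if __name__ == "__main__":
    for f in triage_kev(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2025-01-21"):
        print(f"{f['status']:8} {f['host']:7} {f['cve']:16} due {f['due']} ({f['days_left']:+d} d)")
```

Replace SAMPLE_KEV_JSON with the downloaded KEV feed and SAMPLE_INVENTORY with your CMDB export to get a deadline-ordered work list.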

No specific information is yet available on active exploitation details, such as attacker profiles or targeted systems.

Last year, hackers targeted Oracle WebLogic Server flaws for cryptomining in two cases: one by the 8220 Gang and the other involving a Linux-based malware known as Hadooken.
