Vulnerabilities - Week 03

On a weekly basis, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

High

Oracle (all) products
https://www.oracle.com/security-alerts/cpujan2022.html (10.0-2.7)

Zabbix
https://nvd.nist.gov/vuln/detail/CVE-2022-23131 (9.1)

Arista EOS
https://nvd.nist.gov/vuln/detail/CVE-2021-28506 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-28501 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-28500 (9.1)

Citrix Hypervisor
https://nvd.nist.gov/vuln/detail/CVE-2021-28704 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-28705 (7.8)

GitLab CE / EE
https://nvd.nist.gov/vuln/detail/CVE-2021-39946 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-0244 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-0154 (7.5)

Palo Alto Networks Cortex XDR Agent
https://nvd.nist.gov/vuln/detail/CVE-2022-0015 (7.8)

TeamViewer
https://nvd.nist.gov/vuln/detail/CVE-2021-34858 (7.8)

Juniper Networks
Contrail Service Orchestration
https://nvd.nist.gov/vuln/detail/CVE-2022-22152 (7.7)

Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2022-22159 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22173 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22170 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22171 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22163 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-22176 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-22162 (7.3)

Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2022-22170 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22171 (7.5)

MX Series
https://nvd.nist.gov/vuln/detail/CVE-2022-22153 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22161 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22175 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22178 (7.5)

SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2022-22153 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22175 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22178 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22157 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-22167 (7.2)

QFX5000 Series / EX4600
https://nvd.nist.gov/vuln/detail/CVE-2022-22174 (7.5)

Zoho
ManageEngine Desktop Central / Desktop Central MSP
https://nvd.nist.gov/vuln/detail/CVE-2021-44757 (n/a)

ManageEngine CloudSecurityPlus
https://nvd.nist.gov/vuln/detail/CVE-2021-44651 (n/a)

Imperva Web Application Firewall
https://nvd.nist.gov/vuln/detail/CVE-2021-45468 (n/a)

Medium

Palo Alto Networks Cortex XDR Agent
https://nvd.nist.gov/vuln/detail/CVE-2022-0014 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-0012 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-0013 (5.0)

Cisco
Adaptive Security Device Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422 (5.5)

Prime Infrastructure / Evolved Programmable Network Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn (6.5-6.1)

Prime Access Registrar
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB (4.8)

Secure Network Analytics
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ (6.1)

Security Manager
https://nvd.nist.gov/vuln/detail/CVE-2022-20635 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20636 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20637 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20638 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20639 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20640 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20641 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20642 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20643 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20644 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20645 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20646 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20647 (6.1)

Tetration
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO (6.5)

GitLab CE / EE
https://nvd.nist.gov/vuln/detail/CVE-2022-0151 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-0090 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-0152 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-39942 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39892 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-0124 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-0125 (4.3)

Huawei CloudEngine
https://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220112-01-invalid-en (6.5)
https://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220112-01-infodis-en (4.4)

Juniper Networks
ACX5448
https://nvd.nist.gov/vuln/detail/CVE-2022-22155 (6.5)

Junos Fusion
https://nvd.nist.gov/vuln/detail/CVE-2022-22154 (6.8)

Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2022-22166 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22156 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22179 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22172 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22169 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-22177 (5.3)

Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2022-22164 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22172 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22169 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-22177 (5.3)

MX Series
https://nvd.nist.gov/vuln/detail/CVE-2022-22160 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-22168 (6.5)

Zabbix
https://nvd.nist.gov/vuln/detail/CVE-2022-23133 (6.3)

Arista EOS
https://nvd.nist.gov/vuln/detail/CVE-2021-28507 (5.5)

Docker Desktop
https://nvd.nist.gov/vuln/detail/CVE-2021-45449 (n/a)

Jenkins
https://nvd.nist.gov/vuln/detail/CVE-2022-20612 (4.3)

Active Directory Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23105 (n/a)

Badge Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23108 (n/a)

Batch Task plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23115 (n/a)

Bitbucket Branch Source Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20618 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-20619 (n/a)

Configuration as Code Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23106 (n/a)

Conjur Secrets Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23116 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-23117 (n/a)

Credentials Binding Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20616 (4.3)

Debian Package Builder Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23118 (n/a)

Docker Commons Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20617 (n/a)

HashiCorp Vault Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23109 (n/a)

Mailer Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20613 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-20614 (n/a)

Matrix Project Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20615 (n/a)

Metrics Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20621 (n/a)

Publish over SSH Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23110 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-23111 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-23112 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-23113 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-23114 (n/a)

SSH Agent Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-20620 (n/a)

Warnings Next Generation Plugin
https://nvd.nist.gov/vuln/detail/CVE-2022-23107 (n/a)

VMware Workstation / Horizon Client (Windows)
https://www.vmware.com/security/advisories/VMSA-2022-0002.html (4.0)