Vulnerabilities - Week 07

Each week, CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0076 (9.8-5.3)

Arista EOS
https://www.arista.com/en/support/advisories-notices/security-advisory/… (9.3)

Microsoft Exchange
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0079 (8.8-7.2)

Dell Unisphere for PowerMax / Unisphere for PowerMax vApp / Solutions Enabler vApp / Unisphere 360 / VASA Provider vApp / PowerMax EMB Mgmt
https://www.dell.com/support/kbdoc/nl-nl/000207177/dsa-2022-340-dell-un… (8.8-6.5)

Tribe29 Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2022-43440 (8.8)

Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0077 (8.7-6.5)

Elastic Endpoint Security / Endgame (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-38777 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-38778 (6.5)

IBM Cloud Pak for Multicloud Management Monitoring
https://nvd.nist.gov/vuln/detail/CVE-2022-42438 (7.5)

Citrix Virtual Apps and Desktops
https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-de… (high)

Citrix Workspace app (Linux)
https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-l… (high)

Citrix Workspace app (Windows)
https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-w… (high)

Jitsi
https://nvd.nist.gov/vuln/detail/CVE-2022-43550 (n/a)

ConnectWise Control / ScreenConnect
https://nvd.nist.gov/vuln/detail/CVE-2023-25719 (n/a)

HAProxy
https://nvd.nist.gov/vuln/detail/CVE-2023-25725 (n/a)

RUCKUS AP Web / Wireless Admin
https://nvd.nist.gov/vuln/detail/CVE-2023-25717 (n/a)

Xen
https://xenbits.xenproject.org/xsa/advisory-426.html (n/a)

Medium

Acronis Cyber Protect Home Office / Agent / Cyber Protect 15 (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-45455 (6.6)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-3411 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-4138 (6.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-0518 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3759 (4.3)

IBM Spectrum Scale / Elastic Storage System
https://nvd.nist.gov/vuln/detail/CVE-2022-43869 (6.5)

Palo Alto Networks Cortex XSOAR server
https://nvd.nist.gov/vuln/detail/CVE-2023-0003 (6.5)

Argo CD
https://nvd.nist.gov/vuln/detail/CVE-2023-25163 (6.3)

ownCloud Android app
https://nvd.nist.gov/vuln/detail/CVE-2023-23948 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-24804 (5.0)

Palo Alto Networks Cortex XDR agent (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-0001 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-0002 (5.5)

Nextcloud Office App (Collabora Integration)
https://nvd.nist.gov/vuln/detail/CVE-2023-25150 (5.8)

Dell Command | Update / Dell Update
https://nvd.nist.gov/vuln/detail/CVE-2023-23698 (5.5)

Nextcloud Server / Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-25162 (5.3)

HashiCorp Boundary
https://nvd.nist.gov/vuln/detail/CVE-2023-0690 (5.0)

Dell Command | Integration Suite for System Center
https://nvd.nist.gov/vuln/detail/CVE-2023-24572 (4.7)

Dell Command | Intel vPro Out of Band
https://nvd.nist.gov/vuln/detail/CVE-2023-23697 (4.7)

Dell Command | Monitor
https://nvd.nist.gov/vuln/detail/CVE-2023-24573 (4.7)

IBM Sterling Secure Proxy
https://nvd.nist.gov/vuln/detail/CVE-2022-34362 (4.6)

Helm
https://nvd.nist.gov/vuln/detail/CVE-2023-25165 (4.3)

SonicWall Email Security
https://nvd.nist.gov/vuln/detail/CVE-2023-0655 (4.3)

Nextcloud Mail
https://nvd.nist.gov/vuln/detail/CVE-2023-25160 (4.1)