Vulnerabilities - Week 14

Every week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. Severity is assessed using the CVSS 3.1 base score where one is available; where no score is available, this is indicated with 'n/a'.

Critical & High

Sophos Web Appliance (SWA)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa… (9.8-6.5)

Generex UPS CS141
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032… (10.0-4.3)

Nextcloud Server / Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-26482 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-28644 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28643 (5.3)

Dell NetWorker
https://www.dell.com/support/kbdoc/nl-nl/000211267/dsa-2023-060-dell-ne… (8.4)
https://www.dell.com/support/kbdoc/nl-nl/000210963/dsa-2023-059-dell-ne… (7.4)

Envoy Proxy
https://nvd.nist.gov/vuln/detail/CVE-2023-27487 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-27493 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-27496 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-27488 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-27491 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-27492 (4.8)

Trellix Agent
https://kcm.trellix.com/corporate/index?page=content&id=SB10396 (8.2-6.7)

Dell PowerScale OneFS
https://www.dell.com/support/kbdoc/nl-nl/000211539/dell-emc-powerscale-… (7.8-6.5)

Moby
https://nvd.nist.gov/vuln/detail/CVE-2023-28840 (7.5)
https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw (high)
https://nvd.nist.gov/vuln/detail/CVE-2023-28841 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-28842 (6.8)

ForgeRock LDAP Connector
https://nvd.nist.gov/vuln/detail/CVE-2023-1656 (7.5)

Medium

Nextcloud Desktop client / Android app / iOS app
https://nvd.nist.gov/vuln/detail/CVE-2023-28999 (6.9)

Nextcloud Desktop client
https://nvd.nist.gov/vuln/detail/CVE-2023-28997 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28998 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-29000 (5.4)

GitLab CE / EE
https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15… (6.5-4.3)

HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-0620 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-0665 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-25000 (5.0)

Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and Email Security Cloud / Web Security Portal on Hybrid
https://support.forcepoint.com/s/article/000041617 (6.1)

Dell CloudLink
https://www.dell.com/support/kbdoc/nl-nl/000211682/dsa-2023-121-dell-cl… (5.9)

Nextcloud Office app (richdocuments)
https://nvd.nist.gov/vuln/detail/CVE-2023-28645 (5.7)

Dell Command | Monitor
https://www.dell.com/support/kbdoc/nl-nl/000211748/dsa-2023-125-dell-co… (4.7)

HCL Launch
https://nvd.nist.gov/vuln/detail/CVE-2022-42452 (4.6)

Nextcloud Android app
https://nvd.nist.gov/vuln/detail/CVE-2023-28646 (4.4)

Nextcloud iOS app
https://nvd.nist.gov/vuln/detail/CVE-2023-28647 (4.4)