Vulnerabilities - Week 21

Every week the CSIRT-DSP makes a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

GitHub Enterprise Server (GHES)
https://nvd.nist.gov/vuln/detail/CVE-2024-4985 (10.0)

Fluent Bit
https://nvd.nist.gov/vuln/detail/CVE-2024-4323 (9.8)

Veeam Backup Enterprise Manager
https://www.veeam.com/kb4581 (9.9-7.2)

Ivanti Endpoint Manager (EPM)
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 (9.6-8.4)

ArgoCD
https://nvd.nist.gov/vuln/detail/CVE-2024-31989 (9.0)

Ivanti Neurons for ITSM
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 (8.8-8.7)

Micro Focus ArcSight Enterprise Security Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-2835 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-3482 (8.7)

Cisco Emergency Responder / Prime Collaboration Deployment / Unified Communications Manager (Unified CM) / Unified Communications Manager IM & Presence Service (Unified CM IM&P) / Unified Communications Manager Session Management Edition (Unified CM SME) / Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Atlassian Confluence Data Center and Server
https://jira.atlassian.com/browse/CONFSERVER-95832 (8.3)

Ivanti Secure Access
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 (7.8-7.3)

Zoho ManageEngine ADAudit Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-49330 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-49331 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-49332 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-49333 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-49334 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-49335 (8.3)

Ivanti Connect Secure
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 (8.2)

VMware ESXi / Workstation / Fusion / vCenter Server
https://support.broadcom.com/web/ecx/support-content-notification/-/ext… (8.1-4.9)

Zoho ManageEngine PAM360
https://nvd.nist.gov/vuln/detail/CVE-2024-27312 (8.1)

Cisco ConfD CLI
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.8)

Cisco Crosswork Network Services Orchestrator (NSO)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.8)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.8)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.7)

Ivanti Avalanche
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 (7.2)

Veeam Agent (Windows)
https://www.veeam.com/kb4582 (7.2)

Medium

Cisco Secure Client (Windows)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.8)

Ivanti Endpoint Manager Mobile (EPMM)
https://forums.ivanti.com/s/article/KB-Security-Advisory-Ivanti-Endpoin… (6.7)

Devolutions Server
https://devolutions.net/security/advisories/DEVO-2024-0007 (6.6)

Red Hat Submariner
https://nvd.nist.gov/vuln/detail/CVE-2024-5042 (6.6)

Cisco Secure Email Gateway
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Cisco Secure Email and Web Manager / Secure Email Gateway / Secure Web Appliance
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Arista EOS
https://www.arista.com/en/support/advisories-notices/security-advisory/… (5.9)

Cisco AppDynamics Network Visibility Service
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.5)

Fluxcd source-controller
https://nvd.nist.gov/vuln/detail/CVE-2024-31216 (5.1)