Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners. Deze selectie wordt gezamenlijk met relevant nieuws verspreid in de Mid of Week.
De inschatting van low/medium/high wordt gemaakt op basis van de CVSS 3.1 base score van de kwetsbaarheid. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Kwetsbaarheden die als low worden geclassificeerd komen niet in dit overzicht terug.
High
Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0609 (9.9-5.3)
Kaseya VSA
https://nvd.nist.gov/vuln/detail/CVE-2021-30116 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30118 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30201 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30117 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30121 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30120 (7.5)
Fortinet Fortimail
https://nvd.nist.gov/vuln/detail/CVE-2021-24020 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-24007 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-22129 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-26100 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-26090 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-24015 (7.2)
ForgeRock Access Management
https://backstage.forgerock.com/knowledge/kb/article/a47894244 (9.3)
Solarwinds Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 (9.0)
Cisco Web Security Appliance (AsyncOS)
https://nvd.nist.gov/vuln/detail/CVE-2021-1359 (8.8)
Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32688 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-32726 (7.1)
Cisco Adaptive Security Device Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1585 (8.1)
Nextcloud Talk
https://nvd.nist.gov/vuln/detail/CVE-2021-32689 (8.1)
Microsoft Windows Exchange
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0608 (8.0-7.2)
Fortinet FortiClient MAC
https://nvd.nist.gov/vuln/detail/CVE-2021-26089 (7.8)
Microsoft Malware Protection Engine
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0604 (7.8)
Gitlab
https://nvd.nist.gov/vuln/detail/CVE-2021-22230 (7.2)
VMWare ESXi / Cloud Foundation
https://nvd.nist.gov/vuln/detail/CVE-2021-21994 (7.0)
Citrix Virtual Apps and Desktop
https://support.citrix.com/article/CTX319750 (n/a)
Medium
VMWare ThinApp
https://nvd.nist.gov/vuln/detail/CVE-2021-22000 (6.8)
Fortinet Fortimail
https://nvd.nist.gov/vuln/detail/CVE-2021-24013 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-26099 (4.9)
Gitlab
https://nvd.nist.gov/vuln/detail/CVE-2021-22224 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-22227 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-22225 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2021-22231 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-22233 (4.3)
Fortinet FortiManager
https://www.fortiguard.com/psirt/FG-IR-20-194 (6.1)
Nextcloud Android Client
https://nvd.nist.gov/vuln/detail/CVE-2021-32727 (5.7)
PRTG
https://www.paessler.com/prtg/history/stable (5.5)
Kaseya VSA
https://nvd.nist.gov/vuln/detail/CVE-2021-30119 (5.4)
VMWare ESXi / Cloud Foundation
https://nvd.nist.gov/vuln/detail/CVE-2021-21995 (5.3)
Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32705 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-32703 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-32741 (5.3)
Cisco Identity Service Engine
https://nvd.nist.gov/vuln/detail/CVE-2021-1603 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1604 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1605 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1606 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1607 (4.8)
Nextcloud Text
https://nvd.nist.gov/vuln/detail/CVE-2021-32733 (4.8)
Nextcloud Mail
https://nvd.nist.gov/vuln/detail/CVE-2021-32707 (4.3)
OpenVPN
https://nvd.nist.gov/vuln/detail/CVE-2021-3547 (n/a)
PuTTY
https://nvd.nist.gov/vuln/detail/CVE-2021-36367 (n/a)
Bent u een digitale dienstverlener en wenst u onze complete Mid of Week te ontvangen? Dan kunt u per e-mail uw aanmelding doorgeven. Vermeld hierbij het e-mailadres waar u de Mid of Week op wenst te ontvangen.