Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Cisco Nexus Dashboard
https://nvd.nist.gov/vuln/detail/CVE-2022-20857 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20861 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20858 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-20860 (7.4)
SonicWall GMS / Analytics (On-Prem)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 (9.4)
Cisco Small Business Router RV110W / RV130 / RV130W / RV215W (End of Life)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK (7.2)
Geen updates worden beschikbaar gesteld.
Atlassian Confluence and Data Center (Atlassian Questions)
https://nvd.nist.gov/vuln/detail/CVE-2022-26136 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-26137 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-26138 (n/a)
Atlassian Bamboo Server and Data Center / Bitbucket Server and Data Center / Crowd
Server and Data Center / Fisheye and Crucible / Jira Server and Data Center / Jira
Service Management Server and Data Center
https://nvd.nist.gov/vuln/detail/CVE-2022-26136 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-26137 (n/a)
Ceph File System (OpenStack manilla)
https://nvd.nist.gov/vuln/detail/CVE-2022-0670 (n/a)
Citrix ADC / Gateway
https://support.citrix.com/article/CTX457836/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227509 (n/a)
FileWave Mobile Device Management
https://nvd.nist.gov/vuln/detail/CVE-2022-34906 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-34907 (n/a)
Zoho ManageEngine SupportCenter Plus
https://nvd.nist.gov/vuln/detail/CVE-2022-36412 (n/a)
Medium
Aruba Virtual Intranet Access
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-011.txt (6.5)
Cisco IoT Control Center
https://nvd.nist.gov/vuln/detail/CVE-2022-20916 (6.1)
Dell EMC Data Protection Central
https://nvd.nist.gov/vuln/detail/CVE-2022-34367 (5.4)
Cisco Nexus Dashboard
https://nvd.nist.gov/vuln/detail/CVE-2022-20913 (4.9)
F-Secure WithSecure (Windows endpoint protection)
https://nvd.nist.gov/vuln/detail/CVE-2022-28877 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-28878 (4.3)
F-Secure WithSecure (Endpoint protection Mac) / Linux Security / Atlant / Internet
Gatekeeper / Cloud Protection for Salesforce / Collaboration Protection
https://nvd.nist.gov/vuln/detail/CVE-2022-28878 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-28879 (4.3)
Red Hat OpenStack (Horizon)
https://nvd.nist.gov/vuln/detail/CVE-2022-1655 (4.2)
Xen Hypervisor
https://nvd.nist.gov/vuln/detail/CVE-2022-33745 (n/a)