Vulnerabilities - Week 31

Each week the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Veritas NetBackup OpsCenter
https://nvd.nist.gov/vuln/detail/CVE-2022-36954 (9.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-36951 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-36950 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-36949 (9.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-36952 (8.4)

Veritas NetBackup Primary/Media Server
https://nvd.nist.gov/vuln/detail/CVE-2022-36992 (9.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-36990 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-36993 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-36989 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-36986 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-36987 (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-36991 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-36988 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-36985 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-36984 (7.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-36997 (7.1)

LibreOffice
https://nvd.nist.gov/vuln/detail/CVE-2022-26305 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-26307 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-26306 (7.5)

VMware Workspace ONE Access / Identity Manager / vRealize Automation
https://www.vmware.com/security/advisories/VMSA-2022-0021.html (9.8-4.7)

IBM PowerVM VIOS
https://nvd.nist.gov/vuln/detail/CVE-2022-35643 (9.1)

Veritas NetBackup Client
https://nvd.nist.gov/vuln/detail/CVE-2022-36956 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-36955 (7.8)

Jenkins (Various plugins)
https://www.jenkins.io/security/advisory/2022-07-27/ (8.8-3.1)

Red Hat OpenShift Container Platform
https://access.redhat.com/security/cve/cve-2022-2403 (7.7)

HP Teradici PCoIP Tera2 Zero Client (Amazon Workspaces)
https://nvd.nist.gov/vuln/detail/CVE-2022-1805 (7.5)

Fortinet FortiOS / FortiProxy / FortiADC / FortiMail
https://fortiguard.fortinet.com/psirt/FG-IR-21-235 (7.4)

Medium

Veritas NetBackup
https://nvd.nist.gov/vuln/detail/CVE-2022-37000 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-36999 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-36998 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-36994 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-36995 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-36996 (4.3)

Arista EOS
https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078 (5.8)

Veritas NetBackup OpsCenter
https://nvd.nist.gov/vuln/detail/CVE-2022-36948 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-36953 (4.3)

Fortinet FortiADC
https://fortiguard.fortinet.com/psirt/FG-IR-22-055 (5.1)

Fortinet FortiOS
https://fortiguard.fortinet.com/psirt/FG-IR-22-036 (4.3)

Arista CloudVision Portal
https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079 (4.0)

NLnet Labs Unbound
https://nvd.nist.gov/vuln/detail/CVE-2022-30698 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-30699 (n/a)

Zimbra Collaboration Suite
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P26#Security_Fixes (n/a)
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P33#Security_Fixes (n/a)