Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Zabbix
https://support.zabbix.com/browse/ZBX-25016 (9.9)
https://support.zabbix.com/browse/ZBX-25018 (9.1)
https://support.zabbix.com/browse/ZBX-25019 (7.5)
https://support.zabbix.com/browse/ZBX-25017 (8.1)
https://support.zabbix.com/browse/ZBX-25015 (4.3)
Cisco IP Phone
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz (9.8)
Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0334 (9.8-4.2)
SaltStack Salt
https://ubuntu.com/security/notices/USN-6948-1 (9.8-4.4)
SolarWinds Web Help Desk
https://nvd.nist.gov/vuln/detail/CVE-2024-28986 (9.8)
Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0335 (9.3-7.0)
Jenkins
https://www.jenkins.io/security/advisory/2024-08-07/ (9.0-5.4)
Ubuntu
https://nvd.nist.gov/vuln/detail/CVE-2024-5290 (8.8)
Zoom Workplace Apps / Rooms Clients
https://www.zoom.com/en/trust/security-bulletin/zsb-24022/ (8.5)
Ivanti Avalanche
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373?language=en_US (8.2-7.2)
Microsoft Windows Hyper-V
https://nvd.nist.gov/vuln/detail/CVE-2024-38127 (7.8)
IBM OpenBMC FW1050
https://nvd.nist.gov/vuln/detail/CVE-2024-35124 (7.5)
JetBrains TeamCity
https://nvd.nist.gov/vuln/detail/CVE-2024-43114 (7.5)
Microsoft Windows Print Spooler
https://nvd.nist.gov/vuln/detail/CVE-2024-38198 (7.5)
Zimbra Collaboration
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes (7.5-5.4)
Jupyter JupyterHub
https://nvd.nist.gov/vuln/detail/CVE-2024-41942 (7.2)
Medium
Fortinet FortiSOAR
https://nvd.nist.gov/vuln/detail/CVE-2023-26211 (6.8)
GitLab CE/EE
https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/ (6.8-4.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-7554 (4.9)
Microsoft Outlook
https://nvd.nist.gov/vuln/detail/CVE-2024-38173 (6.7)
Elastic Agent
https://nvd.nist.gov/vuln/detail/CVE-2024-37283 (6.5)
Zoom Workplace Apps / SDKs / Rooms Clients / Rooms Controller
https://www.zoom.com/en/trust/security-bulletin/zsb-24031/ (6.5)
https://www.zoom.com/en/trust/security-bulletin/zsb-24029/ (6.5)
https://www.zoom.com/en/trust/security-bulletin/zsb-24030/ (4.9)
Zoom Workplace Desktop App for macOS / Zoom Meeting SDK for macOS / Zoom Rooms Client for macOS
https://www.zoom.com/en/trust/security-bulletin/zsb-24034/ (6.2)
Zabbix Agent
https://support.zabbix.com/browse/ZBX-25011 (6.1)
Fortinet FortiDDoS / FortiDDoS-F
https://fortiguard.fortinet.com/psirt/FG-IR-22-047 (6.0)
Fortinet FortiManager or FortiAnalyzer
https://fortiguard.fortinet.com/psirt/FG-IR-23-467 (5.5)
Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY (5.4)
Fortinet FortiOS
https://fortiguard.fortinet.com/psirt/FG-IR-24-012 (4.7)
IBM Cloud Pak for Security
https://www.ibm.com/support/pages/node/7165286 (4.7)
Apache MINA SSHD
https://nvd.nist.gov/vuln/detail/CVE-2024-41909 (n/a)