Each week the CSIRT-DSP selects vulnerabilities that it has assessed as relevant to digital service providers. This selection is distributed together with relevant news in the Mid of Week.
The low/medium/high rating is based on the CVSS 3.1 base score of the vulnerability: 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Vulnerabilities classified as low do not appear in this overview.
High
F5 BIG-IP
https://support.f5.com/csp/article/K41351250 (9.9)
https://support.f5.com/csp/article/K21435974 (7.5)
https://support.f5.com/csp/article/K05043394 (7.5)
https://support.f5.com/csp/article/K70415522 (7.5)
https://support.f5.com/csp/article/K30523121 (7.5)
https://support.f5.com/csp/article/K05314769 (7.5)
https://support.f5.com/csp/article/K45407662 (7.5)
https://support.f5.com/csp/article/K42051445 (7.5)
https://support.f5.com/csp/article/K52420610 (7.5)
https://support.f5.com/csp/article/K00602225 (7.5)
https://support.f5.com/csp/article/K24301698 (7.5)
https://support.f5.com/csp/article/K53854428 (7.5)
https://support.f5.com/csp/article/K55543151 (7.2)
Vembu BDR Suite
https://nvd.nist.gov/vuln/detail/CVE-2021-26471 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-26472 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-26473 (9.8)
MISP
https://nvd.nist.gov/vuln/detail/CVE-2021-39302 (9.8)
VMware vRealize Operations
https://www.vmware.com/security/advisories/VMSA-2021-0018.html (8.6-4.4)
QEMU
https://nvd.nist.gov/vuln/detail/CVE-2021-3682 (8.5)
Cisco AppDynamics
https://nvd.nist.gov/vuln/detail/CVE-2021-34745 (7.8)
GitLab
https://nvd.nist.gov/vuln/detail/CVE-2021-22246 (7.7)
Fortinet FortiWeb
https://www.fortiguard.com/psirt/FG-IR-21-116 (7.6)
BIND (Supported Preview version)
https://nvd.nist.gov/vuln/detail/CVE-2021-25218 (7.5)
Nextcloud Desktop Client
https://nvd.nist.gov/vuln/detail/CVE-2021-37617 (7.3)
OpenStack Neutron
https://nvd.nist.gov/vuln/detail/CVE-2021-38598 (n/a)
OpenSSL
https://nvd.nist.gov/vuln/detail/CVE-2021-3711 (n/a)
Medium
F5 BIG-IP
https://support.f5.com/csp/article/K61643620 (6.8)
https://support.f5.com/csp/article/K66782293 (6.5)
https://support.f5.com/csp/article/K32734107 (6.1)
https://support.f5.com/csp/article/K35408374 (5.9)
https://support.f5.com/csp/article/K19012930 (5.9)
https://support.f5.com/csp/article/K44553214 (5.9)
https://support.f5.com/csp/article/K94255403 (5.4)
https://support.f5.com/csp/article/K93231374 (5.3)
https://support.f5.com/csp/article/K94941221 (5.3)
https://support.f5.com/csp/article/K79428827 (5.3)
https://support.f5.com/csp/article/K65397301 (5.3)
https://support.f5.com/csp/article/K70652532 (4.9)
https://support.f5.com/csp/article/K42526507 (4.7)
https://support.f5.com/csp/article/K63163637 (4.3)
GitLab
https://nvd.nist.gov/vuln/detail/CVE-2021-22238 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-22252 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-22248 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-22249 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-22251 (4.3)
Nextcloud Desktop Client
https://nvd.nist.gov/vuln/detail/CVE-2021-32728 (6.5)
F5 BIG-IP Amazon Web Services
https://support.f5.com/csp/article/K01153535 (5.9)
Vembu BDR Suite
https://nvd.nist.gov/vuln/detail/CVE-2021-26474 (5.8)
Cisco Web Security Appliance / Firepower Threat Defense
https://nvd.nist.gov/vuln/detail/CVE-2021-34749 (5.8)
Cisco Secure Email and Web Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1561 (5.4)
VMware Workspace ONE UEM console
https://www.vmware.com/security/advisories/VMSA-2021-0017.html (5.3)
Huawei CloudEngine
https://nvd.nist.gov/vuln/detail/CVE-2021-22328 (5.3)
OpenSSL
https://nvd.nist.gov/vuln/detail/CVE-2021-3712 (n/a)
Are you a digital service provider and would you like to receive our complete Mid of Week? You can register by e-mail. Please state the e-mail address at which you wish to receive the Mid of Week.