Vulnerabilities - Week 38

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

The selection covers 'Medium', 'High' and 'Critical' vulnerabilities, grouped per product; a product is listed under the section of its highest-scoring CVE, so lower-scored CVEs for the same product appear alongside it. Ratings are taken from the CVSS 3.1 base score where one is available; where no score is available this is marked 'n/a'.
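The convention above (CVSS 3.1 base score, 'n/a' when none is published, one block per product) is easy to consume automatically. The following Python is an added example, not CSIRT-DSP tooling: it parses a digest in this page's layout, extracts product, CVE ID and score per entry, maps each score to its CVSS 3.1 qualitative rating, and reports two things a practitioner usually wants to know before acting on the list: which entries have no score yet, and which entries sit in a section that does not match their own score because they ride along with a higher-scored CVE of the same product. The sample input is copied from the list on this page; the section names and line layout are the only assumptions.

```python
"""Parse a weekly vulnerability digest and re-derive CVSS 3.1 qualitative ratings.

Added example for reading digests in the layout used on this page; it is not
part of the original page or of any CSIRT-DSP tooling.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Assumed section headers, exactly as they appear in the digest.
SECTION_NAMES = {"Critical & High", "Medium"}

# One entry line: an advisory URL followed by "(score)" or "(n/a)".
ENTRY_RE = re.compile(r"^(?P<url>https?://\S+)\s+\((?P<score>n/a|\d+(?:\.\d+)?)\)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample: entries copied verbatim from the Week 38 list above.
SAMPLE_DIGEST = """\
Critical & High

HPE OneView
https://nvd.nist.gov/vuln/detail/CVE-2023-30909 (9.8)

Cisco IOS XR Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20236 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20190 (5.3)

Nagios XI
https://nvd.nist.gov/vuln/detail/CVE-2023-40931 (n/a)

Medium

HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-4680 (6.8)
"""


@dataclass(frozen=True)
class Entry:
    section: str
    product: str
    cve_id: Optional[str]   # None when the advisory URL carries no CVE (e.g. an XSA page)
    url: str
    score: Optional[float]  # None when the digest says n/a


def cvss31_severity(score: Optional[float]) -> str:
    """CVSS v3.1 qualitative severity rating scale; None maps to 'n/a'."""
    if score is None:
        return "n/a"
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_digest(text: str) -> list[Entry]:
    """Walk the digest line by line, tracking the current section and product."""
    entries: list[Entry] = []
    section: Optional[str] = None
    product: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_NAMES:
            section = line
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Any other non-blank line names the product block that follows.
            product = line
            continue
        if section is None or product is None:
            raise ValueError(f"entry before any section/product header: {line}")
        score = None if m["score"] == "n/a" else float(m["score"])
        cve = CVE_RE.search(m["url"])
        entries.append(Entry(section, product, cve.group(0) if cve else None, m["url"], score))
    return entries


def unscored(entries: list[Entry]) -> list[Entry]:
    """Entries listed as n/a: re-check these, the score may have been published since."""
    return [e for e in entries if e.score is None]


def section_mismatches(entries: list[Entry]) -> list[Entry]:
    """Entries whose own CVSS rating does not fit the section they are filed under."""
    expected = {"Critical & High": {"Critical", "High"}, "Medium": {"Medium"}}
    return [
        e for e in entries
        if e.score is not None and cvss31_severity(e.score) not in expected.get(e.section, set())
    ]


if __name__ == "__main__":
    parsed = parse_digest(SAMPLE_DIGEST)
    for e in parsed:
        print(f"{e.section:16} {e.product:34} {e.cve_id} {e.score} -> {cvss31_severity(e.score)}")
    print("unscored:", [e.cve_id for e in unscored(parsed)])
    print("filed above own rating:", [e.cve_id for e in section_mismatches(parsed)])
```

Running it on the sample flags CVE-2023-40931 as unscored and CVE-2023-20190 (5.3, filed under Critical & High because it shares the Cisco IOS XR block) as a section mismatch; in a triage pipeline the per-CVE rating, not the section header, is the value to act on.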

Critical & High

HPE OneView
https://nvd.nist.gov/vuln/detail/CVE-2023-30909 (9.8)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2023-5009 (9.6)

Trend Micro Apex One / Apex One as a Service
https://nvd.nist.gov/vuln/detail/CVE-2023-41179 (9.1)

Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2022-35849 (8.8)

Fortinet FortiAP-U
https://nvd.nist.gov/vuln/detail/CVE-2023-36634 (8.8)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2023-34984 (8.8)

Atlassian Bitbucket Data Center and Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22513 (8.5)

Cisco IOS XR Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20236 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20191 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-20135 (7.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-20233 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-20190 (5.3)

Fortinet FortiTester
https://nvd.nist.gov/vuln/detail/CVE-2023-36642 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-40717 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-40715 (5.5)

NLnet Labs Routinator
https://nvd.nist.gov/vuln/detail/CVE-2023-39915 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39916 (6.5)

Palo Alto Networks PAN-OS / Prisma SD-WAN ION
https://security.paloaltonetworks.com/CVE-2023-38802 (7.5)

SolarWinds Platform
https://nvd.nist.gov/vuln/detail/CVE-2023-23840 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-23845 (7.2)

Trellix Windows DLP endpoint (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-4814 (7.1)

Nagios XI
https://nvd.nist.gov/vuln/detail/CVE-2023-40931 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-40932 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-40933 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-40934 (n/a)

WithSecure Client Security / Server Security / Email and Server Security / Elements Endpoint Protection / Client Security for Mac / Elements Endpoint Protection for Mac / Linux Security 64 / Linux Protection / Atlant (formerly F-Secure Atlant)
https://nvd.nist.gov/vuln/detail/CVE-2023-42521 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-42522 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-42523 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-42524 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-42525 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-42526 (n/a)

Xen
https://xenbits.xenproject.org/xsa/advisory-438.html (n/a)

Medium

HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-4680 (6.8)

Fortinet FortiAP-W2 / FortiAP-C / FortiAP / FortiAP-U
https://nvd.nist.gov/vuln/detail/CVE-2023-25608 (6.5)

Palo Alto Networks Cortex XDR Agent (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-3280 (5.5)

Fortinet FortiProxy / FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2023-29183 (5.4)

Fortinet FortiClientEMS
https://nvd.nist.gov/vuln/detail/CVE-2021-44172 (5.3)

Fortinet FortiPresence
https://nvd.nist.gov/vuln/detail/CVE-2023-27998 (5.3)

Fortinet FortiSIEM
https://nvd.nist.gov/vuln/detail/CVE-2023-36551 (5.3)

Proofpoint Insider Threat Management (ITM) Server
https://nvd.nist.gov/vuln/detail/CVE-2023-4802 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-4803 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-4828 (4.2)

Fortinet FortiManager / FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2023-36638 (4.3)

LibreNMS
https://nvd.nist.gov/vuln/detail/CVE-2023-4977 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-4978 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-4979 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-4980 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-4981 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-4982 (n/a)