Vulnerabilities - Week 38

Each week the CSIRT-DSP makes a selection of vulnerabilities that it has assessed to be relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Gitlab CE/EE
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job (9.9-4.0)

Red Hat OpenShift
https://access.redhat.com/security/cve/CVE-2024-45496 (9.9)
https://access.redhat.com/security/cve/CVE-2024-7387 (9.1) 

VMware vCenter Server
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 (9.8-7.5) 

SolarWinds Access Rights Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-28991 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-28990 (6.3)

Cisco IOS XR
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416 (8.8-5.3)

Cisco Crosswork NSO / Optical Site Manager / RV340 Dual WAN Gigabit VPN Routers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp (8.8)

Ivanti Workspace Control
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC? (8.8-7.8)

Palo Alto PAN-OS
https://security.paloaltonetworks.com/CVE-2024-8686 (8.6)
https://security.paloaltonetworks.com/CVE-2024-8687 (6.9)
https://security.paloaltonetworks.com/CVE-2024-8688 (6.7)
https://security.paloaltonetworks.com/CVE-2024-8691 (5.3) 

Palo Alto Prisma Access Browser
https://security.paloaltonetworks.com/PAN-SA-2024-0009 (8.6) 

HPE Aruba Networking ArubaOS
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US (7.2) 

Fortinet FortiSOAR
https://fortiguard.fortinet.com/psirt/FG-IR-24-048 (7.1) 

Citrix Workspace app for Windows
https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US (7.0-5.4)

Medium

Acronis Cyber Protect Cloud Agent
https://security-advisory.acronis.com/advisories/SEC-7218 (6.7)
https://security-advisory.acronis.com/advisories/SEC-7188 (6.5) 

Trend Micro Deep Discovery Inspector
https://success.trendmicro.com/en-US/solution/KA-0017793 (6.5-4.9) 

Palo Alto Cortex XSOAR / Cortex XSIAM
https://security.paloaltonetworks.com/CVE-2024-8689 (6.0) 

Palo Alto Cortex XDR Agent
https://security.paloaltonetworks.com/CVE-2024-8690 (5.6)