Kwetsbaarheden - Week 42

Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners. Deze selectie wordt gezamenlijk met relevant nieuws verspreid in de Mid of Week.

De inschatting van low/medium/high wordt gemaakt op basis van de CVSS 3.1 base score van de kwetsbaarheid. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.

Kwetsbaarheden die als low worden geclassificeerd komen niet in dit overzicht terug.

High

Juniper Networks Technology Session Smart Router

https://nvd.nist.gov/vuln/detail/CVE-2021-31349 (9.8)

Zoho ManageEngine OpManager

https://nvd.nist.gov/vuln/detail/CVE-2021-40493 (9.8)

Kubernetes MinIO

https://nvd.nist.gov/vuln/detail/CVE-2021-41137 (8.8)

Zoho ManageEngine ADManager Plus

https://nvd.nist.gov/vuln/detail/CVE-2021-20131 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-20130 (8.8)

Juniper Networks Junos OS

https://nvd.nist.gov/vuln/detail/CVE-2021-31372 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31385 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31355 (8.0)

https://nvd.nist.gov/vuln/detail/CVE-2021-31373 (8.0)

https://nvd.nist.gov/vuln/detail/CVE-2021-31359 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31379 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31383 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31374 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31368 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31353 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31376 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-0299 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31351 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31350 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31375 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2021-31384 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2021-31354 (7.1)

https://nvd.nist.gov/vuln/detail/CVE-2021-31360 (7.1)

Palo Alto Networks GlobalProtect

https://nvd.nist.gov/vuln/detail/CVE-2021-3057 (8.1)

Juniper Networks Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2021-31359 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31358 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31357 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31356 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31383 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31353 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31350 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31374 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31354 (7.1)

https://nvd.nist.gov/vuln/detail/CVE-2021-31360 (7.1)

Oracle VirtualBox

https://www.oracle.com/security-alerts/cpuoct2021.html (7.8-4.4)

Juniper Networks CTPView server

https://nvd.nist.gov/vuln/detail/CVE-2021-0296 (7.4)

Medium

Juniper Networks Junos OS

https://nvd.nist.gov/vuln/detail/CVE-2021-31378 (6.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-31367 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31370 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31366 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31365 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31363 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31362 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31382 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31377 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31361 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-31371 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-31369 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-31386 (5.3)

Juniper Networks Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2021-0297 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31363 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31362 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-0298 (4.7)

Juniper Networks SRC series

https://nvd.nist.gov/vuln/detail/CVE-2021-31381 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-31380 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-31352 (5.3)

Huawei IPS / NGFW

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211020-01-outofwrite-en (5.9)

VMware vRealize Operations Tenant App (VMware Cloud Director)

https://www.vmware.com/security/advisories/VMSA-2021-0024.html (5.3)