Vulnerabilities - Week 43

Each week, the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Jenkins diverse plugins

https://www.jenkins.io/security/advisory/2022-10-19/ (9.9-4.3)

Aruba ArubaOS / SD-WAN

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt (9.8-4.4)

Exim

https://nvd.nist.gov/vuln/detail/CVE-2022-3620 (9.8)

VMware Cloud Foundation (NSX-V)

https://www.vmware.com/security/advisories/VMSA-2022-0027.html (9.8-5.3)

Adobe Commerce / Magento

https://nvd.nist.gov/vuln/detail/CVE-2022-42344 (8.8)

F5OS

https://nvd.nist.gov/vuln/detail/CVE-2022-41835 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-41780 (5.5)

GitHub Enterprise Server

https://nvd.nist.gov/vuln/detail/CVE-2022-23734 (8.8)

SolarWinds Platform

https://nvd.nist.gov/vuln/detail/CVE-2022-36958 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-38108 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-36957 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-36966 (5.4)

Cisco Meraki MX and Z3 Teleworker Gateway VPN

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.6)

Azure CLI

https://nvd.nist.gov/vuln/detail/CVE-2022-39327 (8.1)

NetApp ONTAP

https://nvd.nist.gov/vuln/detail/CVE-2022-23241 (8.1)

baramundi Management Agent (bMA)

https://nvd.nist.gov/vuln/detail/CVE-2022-43747 (8.0)

Broadcom Brocade Fabric OS

https://nvd.nist.gov/vuln/detail/CVE-2022-33182 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-33185 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-28169 (7.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-33178 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-33183 (7.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-28170 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-33184 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-33179 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-33180 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-33181 (5.5)

Automox Agent

https://nvd.nist.gov/vuln/detail/CVE-2022-36122 (7.8)

F5 NGINX Plus / Open Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41741 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-41742 (7.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-41743 (7.0)

Dell EMC PowerScale OneFS

https://www.dell.com/support/kbdoc/nl-nl/000204053/dsa-2022-245-dell-em… (7.5-6.7)

https://www.dell.com/support/kbdoc/nl-nl/000201094/dsa-2022-149-dell-em… (4.4)

F5 BIG-IP

https://nvd.nist.gov/vuln/detail/CVE-2022-41624 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41832 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41833 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-36795 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-41743 (4.9)

F5 BIG-IP Advanced WAF / ASM

https://nvd.nist.gov/vuln/detail/CVE-2022-41836 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41691 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41617 (7.2)

F5 BIG-IP AFM / PEM

https://nvd.nist.gov/vuln/detail/CVE-2022-41813 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-41813 (6.5)

F5 BIG-IP DNS

https://nvd.nist.gov/vuln/detail/CVE-2022-41787 (7.5)

GitLab CE/EE

https://nvd.nist.gov/vuln/detail/CVE-2022-3639 (7.5)

Redis

https://nvd.nist.gov/vuln/detail/CVE-2022-3647 (7.5)

Cisco Identity Services Engine (ISE)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.1)

Medium

F5 BIG-IP / BIG-IQ

https://nvd.nist.gov/vuln/detail/CVE-2022-41770 (6.5)

oVirt

https://nvd.nist.gov/vuln/detail/CVE-2022-2805 (6.5)

Flux

https://nvd.nist.gov/vuln/detail/CVE-2022-39272 (4.3)

VMware Reactor Netty

https://nvd.nist.gov/vuln/detail/CVE-2022-31684 (4.3)

OX App Suite

https://nvd.nist.gov/vuln/detail/CVE-2022-31468 (n/a)