Vulnerabilities - Week 47

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Apache MINA SSHD

https://nvd.nist.gov/vuln/detail/CVE-2022-45047 (9.8)

Atlassian Bitbucket Server and Data Center

https://nvd.nist.gov/vuln/detail/CVE-2022-43781 (9.8)

F-Secure / WithSecure Policy Manager Server

https://nvd.nist.gov/vuln/detail/CVE-2022-38165 (9.8)

FreeRDP

https://nvd.nist.gov/vuln/detail/CVE-2022-39319 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-41877 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-39318 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-39347 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-39316 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-39320 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-39317 (4.6)

F5 BIG-IP / BIG-IQ

https://support.f5.com/csp/article/K94221585 (8.8)

HPE OfficeConnect

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=h… (8.8)

SolarWinds Platform

https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36… (8.8)

https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36… (8.8)

https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36… (7.2)

Zoom Client for Meetings Installer for macOS

https://nvd.nist.gov/vuln/detail/CVE-2022-28768 (8.8)

Zoom Rooms Installer for Windows

https://nvd.nist.gov/vuln/detail/CVE-2022-36924 (8.8)

F5 BIG-IP

https://support.f5.com/csp/article/K13325942 (8.7)

Aruba EdgeConnect Enterprise

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt (7.5-4.9)

SolarWinds Serv-U

https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38… (7.5)

Veritas NetBackup

https://nvd.nist.gov/vuln/detail/CVE-2022-45461 (7.5)

Proofpoint Enterprise Protection

https://nvd.nist.gov/vuln/detail/CVE-2021-31608 (7.4)

Zoom Client for Meetings / Rooms for Conference Room

https://nvd.nist.gov/vuln/detail/CVE-2022-28766 (7.3)

Technitium DNS Server

https://nvd.nist.gov/vuln/detail/CVE-2022-30258 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-30257 (n/a)

Zoho ManageEngine ServiceDesk Plus / ServiceDesk Plus MSP / SupportCenter Plus

https://nvd.nist.gov/vuln/detail/CVE-2022-40770 (n/a)

Medium

Elastic Kibana

https://nvd.nist.gov/vuln/detail/CVE-2021-37936 (6.6-4.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-22141 (6.1)

KubeVela

https://nvd.nist.gov/vuln/detail/CVE-2022-39383 (6.5)

Cisco Identity Services Engine

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.3)

JetBrains Hub

https://nvd.nist.gov/vuln/detail/CVE-2022-45471 (n/a)

MaraDNS

https://nvd.nist.gov/vuln/detail/CVE-2022-30256 (n/a)

Zoho ManageEngine ADManager Plus

https://nvd.nist.gov/vuln/detail/CVE-2022-42904 (n/a)

Zoho ManageEngine SupportCenter Plus

https://nvd.nist.gov/vuln/detail/CVE-2022-42903 (n/a)