Vulnerabilities - Week 50

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment is based on the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Broadcom Brocade Fabric OS

https://nvd.nist.gov/vuln/detail/CVE-2022-33186 (9.8)

Citrix ADC / Gateway

https://nvd.nist.gov/vuln/detail/CVE-2022-27518 (9.8)

Fortinet FortiOS SSH login / FortiProxy SSH login

https://nvd.nist.gov/vuln/detail/CVE-2022-35843 (9.8)

Jenkins diverse plugins

https://www.jenkins.io/security/advisory/2022-12-07/ (9.8-n/a)

VMware vRealize Network Insight (vRNI)

https://www.vmware.com/security/advisories/VMSA-2022-0031.html (9.8-7.5)

xrdp

https://nvd.nist.gov/vuln/detail/CVE-2022-23468 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23477 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23478 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23479 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23480 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23484 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-23481 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-23482 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-23483 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-23493 (9.1)

Proofpoint Enterprise Protection

https://nvd.nist.gov/vuln/detail/CVE-2022-46332 (9.6)

https://nvd.nist.gov/vuln/detail/CVE-2022-46333 (7.2)

Fortinet FortiOS SSL-VPN

https://www.fortiguard.com/psirt/FG-IR-22-398 (9.3)

VMware ESXi / Workstation Pro / Player (Workstation) / Fusion Pro / Fusion / Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0033.html (9.3-5.9)

MobaXTerm

https://nvd.nist.gov/vuln/detail/CVE-2022-38337 (9.1)

Aruba EdgeConnect Enterprise Orchestrator

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt (8.8-4.6)

F5 BIG-IP / BIG-IQ iControl SOAP

https://nvd.nist.gov/vuln/detail/CVE-2022-41622 (8.8)

HPE OfficeConnect 1820 / 1850 / 1920S Network switches

https://nvd.nist.gov/vuln/detail/CVE-2022-37932 (8.8)

Microsoft SharePoint Server

https://nvd.nist.gov/vuln/detail/CVE-2022-44690 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-44693 (8.8)

F5 BIG-IP iControl REST

https://nvd.nist.gov/vuln/detail/CVE-2022-41800 (8.7)

Red Hat OpenStack Platform

https://access.redhat.com/security/cve/CVE-2022-3596 (8.6)

Microsoft Windows

https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0768 (8.5-5.4)

HP Support Assistant

https://nvd.nist.gov/vuln/detail/CVE-2022-38395 (8.2)

Dell PowerScale OneFS

https://www.dell.com/support/kbdoc/nl-nl/000206357/dell-emc-powerscale-… (8.1-5.4)

Cisco IP Phone 7800 / 8800 Series

https://nvd.nist.gov/vuln/detail/CVE-2022-20968 (8.1)

HPE Nimble Storage Hybrid Flash Arrays / Nimble Storage Secondary Flash Arrays

https://nvd.nist.gov/vuln/detail/CVE-2022-37928 (8.0)

https://nvd.nist.gov/vuln/detail/CVE-2022-37930 (6.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-37929 (5.5)

IBM Spectrum Scale

https://nvd.nist.gov/vuln/detail/CVE-2022-43867 (7.8)

Microsoft Azure

https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0773 (7.8-4.4)

Microsoft Windows Terminal

https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0772 (7.8)

Trend Micro Apex One / Trend Micro Apex One as a Service

https://success.trendmicro.com/dcx/s/solution/000291830 (7.8-5.5)

https://success.trendmicro.com/dcx/s/solution/000291770 (7.8-4.4)

Fortinet FortiSandbox / FortiDeceptor

https://nvd.nist.gov/vuln/detail/CVE-2022-30305 (7.5)

VMware ESXi / vCenter Server / Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0030.html (7.5-4.2)

VMware Workspace ONE Access (Access) / Identity Manager (vIDM) / Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0032.html (7.2-5.3)

Medium

Amazon CloudWatch Agent for Windows

https://nvd.nist.gov/vuln/detail/CVE-2022-23511 (6.8)

containerd

https://nvd.nist.gov/vuln/detail/CVE-2022-23471 (6.5)

Traefik

https://nvd.nist.gov/vuln/detail/CVE-2022-46153 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-23469 (6.5)

HPE Integrated Lights-Out 5

https://nvd.nist.gov/vuln/detail/CVE-2021-46846 (6.4)

HPE OneView Global Dashboard (OVGD)

https://nvd.nist.gov/vuln/detail/CVE-2022-37927 (6.1)

Fortinet FortiOS

https://nvd.nist.gov/vuln/detail/CVE-2022-40680 (5.4)

Fortinet FortiSOAR

https://nvd.nist.gov/vuln/detail/CVE-2022-38379 (5.4)

Buildah

https://nvd.nist.gov/vuln/detail/CVE-2022-4122 (5.3)

Broadcom Brocade SANnav

https://nvd.nist.gov/vuln/detail/CVE-2022-33187 (4.9)

HCL Launch

https://nvd.nist.gov/vuln/detail/CVE-2022-42445 (4.9)

IBM OpenBMC OP910 / OP940

https://nvd.nist.gov/vuln/detail/CVE-2022-22488 (4.9)

F-Secure / WithSecure

https://nvd.nist.gov/vuln/detail/CVE-2022-45871 (4.3)

Devolutions Remote Desktop Manager

https://nvd.nist.gov/vuln/detail/CVE-2022-3641 (n/a)