Vulnerabilities - Week 06

The CSIRT-DSP compiles a weekly selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. CVSS 3.1 base scores are used for this assessment where they are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

IBM Tivoli Workload Scheduler

https://nvd.nist.gov/vuln/detail/CVE-2022-22486 (10.0)

https://nvd.nist.gov/vuln/detail/CVE-2022-38389 (7.1)

Jira Service Management Server / Data Center

https://nvd.nist.gov/vuln/detail/CVE-2023-22501 (9.4)

F5 BIG-IP APM / APM Clients

https://nvd.nist.gov/vuln/detail/CVE-2023-22358 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-22283 (6.3)

VMware Workstation

https://nvd.nist.gov/vuln/detail/CVE-2023-20854 (7.8)

F5 BIG-IP

https://nvd.nist.gov/vuln/detail/CVE-2023-22323 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22340 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22374 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22422 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22664 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22842 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-23555 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22302 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2023-22326 (4.9)

F5 BIG-IP AFM

https://nvd.nist.gov/vuln/detail/CVE-2023-22281 (7.5)

F5 BIG-IP APM

https://nvd.nist.gov/vuln/detail/CVE-2023-22341 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22418 (6.1)

BIG-IP Advanced WAF / ASM

https://nvd.nist.gov/vuln/detail/CVE-2023-23552 (7.5)

F5 BIG-IP DNS / LTM

https://nvd.nist.gov/vuln/detail/CVE-2023-22839 (7.5)

Dell EMC NetWorker

https://nvd.nist.gov/vuln/detail/CVE-2023-24576 (7.5)

Dell Enterprise SONiC OS

https://nvd.nist.gov/vuln/detail/CVE-2023-24574 (7.5)

Cisco IOx Application Hosting Environment

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.2)

Zyxel ZyWALL/USG / VPN / USG FLEX / ATP

https://nvd.nist.gov/vuln/detail/CVE-2022-38547 (7.2)

Grafana

https://nvd.nist.gov/vuln/detail/CVE-2022-23498 (7.1)

Dell Command Intel vPro

https://nvd.nist.gov/vuln/detail/CVE-2023-23696 (7.0)

F5 F5OS-A / F5OS-C

https://nvd.nist.gov/vuln/detail/CVE-2023-22657 (7.0)

Array Networks AG/vxAG Series

https://nvd.nist.gov/vuln/detail/CVE-2023-24613 (high)

Cloud Foundry Diego

https://nvd.nist.gov/vuln/detail/CVE-2022-31733 (high)

OpenSSL

https://www.openssl.org/news/secadv/20230207.txt (high-medium)

Fortra GoAnywhere MFT

https://nvd.nist.gov/vuln/detail/CVE-2023-0669 (n/a)

Medium

Cisco Prime Infrastructure

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Cisco Identity Services Engine (ISE)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.0)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.0)

Nextcloud Desktop Client

https://nvd.nist.gov/vuln/detail/CVE-2023-23942 (5.4)

Cisco RV340 / RV340W / RV345 / RV345P

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.3)

Nextcloud Mail

https://nvd.nist.gov/vuln/detail/CVE-2023-23943 (5.0)

Devolutions Server

https://devolutions.net/security/advisories/DEVO-2023-0002 (medium)

OpenSSH

https://nvd.nist.gov/vuln/detail/CVE-2023-25136 (n/a)

Zoho ManageEngine Asset Explorer

https://nvd.nist.gov/vuln/detail/CVE-2023-23075 (n/a)

Zoho ManageEngine ServiceDesk Plus

https://nvd.nist.gov/vuln/detail/CVE-2023-23073 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2023-23074 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2023-23077 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2023-23078 (n/a)

Zoho ManageEngine Support Center Plus

https://nvd.nist.gov/vuln/detail/CVE-2023-23076 (n/a)