Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Devolutions Server
https://devolutions.net/security/advisories/DEVO-2023-0003 (9.9-6.5)
Aruba ArubaOS / SD-WAN
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt (9.8-4.8)
ForgeRock Access Management Web Policy Agent
https://nvd.nist.gov/vuln/detail/CVE-2023-0339 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-0511 (9.1)
Cisco Application Policy Infrastructure Controller (APIC) / Cloud Network Controller (voorheen Cloud APIC)
https://nvd.nist.gov/vuln/detail/CVE-2023-20011 (8.8)
Hitachi Infrastructure Analytics Advisor (Linux) / Ops Center Analyzer (Linux)
https://nvd.nist.gov/vuln/detail/CVE-2022-4895 (8.6)
HPE Serviceguard
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=h… (8.1-5.6)
HPE OneView for VMware vCenter
https://nvd.nist.gov/vuln/detail/CVE-2022-37935 (7.8)
Cisco Nexus 9000 Series Fabric Switches
https://nvd.nist.gov/vuln/detail/CVE-2023-20089 (7.4)
Hitachi Ops Center Analyzer (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-3884 (7.3)
Zoho ManageEngine Desktop Central / Desktop Central MSP
https://nvd.nist.gov/vuln/detail/CVE-2022-48362 (n/a)
Medium
OpenNMS Meridian / Horizon
https://nvd.nist.gov/vuln/detail/CVE-2023-0815 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-0846 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-0867 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-0868 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-0869 (5.8)
Hitachi Automation Director (Linux) / Infrastructure Analytics Advisor (Linux) / Ops Center Automator (Linux) / Ops Center Analyzer (Linux) / Ops Center Viewpoint (Linux)
https://nvd.nist.gov/vuln/detail/CVE-2020-36652 (6.6)
IBM Spectrum Virtualize
https://nvd.nist.gov/vuln/detail/CVE-2022-43870 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-43873 (6.3)
Cisco FXOS / UCS Manager Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20016 (6.3)
VMware Workspace ONE Content
https://nvd.nist.gov/vuln/detail/CVE-2023-20857 (6.3)
Cisco Firepower 4100 Series / Firepower 9300 Security Appliances / UCS 6200, 6300, 6400, 6500 Series Fabric Interconnects
https://nvd.nist.gov/vuln/detail/CVE-2023-20015 (6.0)
Dell PowerScale OneFS
https://www.dell.com/support/kbdoc/nl-nl/000209895/dell-emc-powerscale-… (6.0-5.3)
Nextcloud Server / Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-25579 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-25821 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-25816 (4.3)
IBM Cloud Pak for Business Automation
https://nvd.nist.gov/vuln/detail/CVE-2023-22860 (5.4)
Cisco AsyncOS Software for Cisco Secure Web Appliance (voorheen Web Security Appliance (WSA))
https://nvd.nist.gov/vuln/detail/CVE-2022-20952 (5.3)
Cisco Nexus 9300-FX3 Series Fabric Extender (FEX)
https://nvd.nist.gov/vuln/detail/CVE-2023-20012 (5.3)
NetApp Active IQ Unified Manager for VMware vSphere
https://nvd.nist.gov/vuln/detail/CVE-2022-23239 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-23240 (4.3)
Cisco NX-OS Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20050 (4.4)
Red Hat Directory Server
https://nvd.nist.gov/vuln/detail/CVE-2023-1055 (medium)
pfSense CE / Plus
https://nvd.nist.gov/vuln/detail/CVE-2022-29273 (n/a)