Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Atlassian Confluence Data Center / Confluence Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-21674 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-21672 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-21673 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-22526 (7.2)
GitLab CE/EE
https://about.gitlab.com/releases/2024/01/11/critical-security-release-… (10.0-6.6)
Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-21616 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36842 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21617 (6.5)
SRX Series / EX Series (J-Web)
https://nvd.nist.gov/vuln/detail/CVE-2024-21591 (9.8)
EX4100 / EX4400 / EX4600 / QFX5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21595 (7.5)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21606 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21601 (5.9)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21587 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21599 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21603 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21597 (5.3)
PTX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21600 (6.5)
SRX 5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21594 (5.5)
MX Series / EX9200 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21607 (5.3)
Ivanti Connect Secure (ICS) (voorheen Pulse Connect Secure en Ivanti Policy Secure)
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypas… (9.1-8.2)
Zoho ManageEngine ADSelfService Plus
https://nvd.nist.gov/vuln/detail/CVE-2024-0252 (8.8)
IBM Security Access Manager Container (Security Verify Access Appliance / Security Verify Access Docker)
https://nvd.nist.gov/vuln/detail/CVE-2023-31003 (8.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-38267 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-31001 (5.1)
SonicWall NetExtender Windows Client
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-6340 (8.2)
Redis
https://nvd.nist.gov/vuln/detail/CVE-2023-41056 (8.1)
Trend Micro Deep Security Agent / Cloud One
https://success.trendmicro.com/dcx/s/solution/000296337 (7.8)
Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-21604 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21612 (7.5)
ACX7024 / ACX7100-32C / ACX7100-48L
https://nvd.nist.gov/vuln/detail/CVE-2024-21602 (7.5)
Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-21611 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21614 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21613 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21585 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-21596 (5.3)
Juniper Networks Paragon Active Assurance Control Center
https://nvd.nist.gov/vuln/detail/CVE-2024-21589 (7.4)
Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.3)
GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2024-0200 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-0507 (6.5)
Dell iDRAC Service Module
https://nvd.nist.gov/vuln/detail/CVE-2024-22428 (7.0)
Medium
Cisco ThousandEyes Enterprise Agent
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.8)
Hitachi Tuning Manager (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-6457 (6.6)
Cisco Evolved Programmable Network Manager / Prime Infrastructure
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)
Cisco WAP371 Wireless Access Point
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)
QEMU
https://nvd.nist.gov/vuln/detail/CVE-2023-6683 (6.5)
HCL BigFix Bare OSD Metal Server WebUI
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB01097… (5.6)
Cisco TelePresence Management Suite
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.4)
Hitachi Device Manager (Windows / Linux)
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi… (5.3-4.6)
Cisco BroadWorks Application Delivery Platform / Xtended Services Platform
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.8)
Cisco Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.8)
WithSecure Endpoint Protection Windows / Client Security / Server Security / Email and Server Security / Elements Endpoint Protection
https://www.withsecure.com/en/support/security-advisories/cve-2024-n (n/a)