Vulnerabilities - Week 17

Each week the CSIRT-DSP makes a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

CrushFTP
https://nvd.nist.gov/vuln/detail/CVE-2024-4040 (9.8)

FreeRDP
https://nvd.nist.gov/vuln/detail/CVE-2024-32039 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32041 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32458 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32459 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32658 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32659 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-32040 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-32460 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-32660 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-32661 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-32662 (7.5)

BeyondTrust U-Series Appliance (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2024-4017 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-4018 (8.8)

Dell Repository Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-28976 (8.8)

Cisco Integrated Management Controller
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.8)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.7)

Broadcom Brocade SANnav
https://nvd.nist.gov/vuln/detail/CVE-2024-29959 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-29963 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-29961 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-29968 (7.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-29950 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29957 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29958 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29960 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29966 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29969 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29965 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-29956 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29951 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-29952 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29962 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29955 (5.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-29964 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-29967 (4.4)

SolarWinds Serv-U
https://nvd.nist.gov/vuln/detail/CVE-2024-28073 (8.4)

NetApp ONTAP
https://nvd.nist.gov/vuln/detail/CVE-2024-21989 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-21990 (5.4)

GitHub Enterprise Server
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3… (8.0-5.5)

Veritas Backup Exec
https://www.veritas.com/support/en_US/security/VTS24-002 (7.7)

ClamAV
https://nvd.nist.gov/vuln/detail/CVE-2024-20380 (7.5)

Envoy Proxy
https://nvd.nist.gov/vuln/detail/CVE-2024-32475 (7.5)

Hitachi Ops Center Analyzer
https://nvd.nist.gov/vuln/detail/CVE-2024-2493 (7.5)

SolarWinds Platform
https://nvd.nist.gov/vuln/detail/CVE-2024-29001 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-29003 (7.5)

LibreNMS
https://nvd.nist.gov/vuln/detail/CVE-2024-32480 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-32461 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-32479 (7.1)

ownCloud
https://owncloud.com/security-advisories/authentication-bypass-using-pr… (7.5)
https://owncloud.com/security-advisories/denial-of-service-in-comments-… (4.3)
https://owncloud.com/security-advisories/improper-validation-in-the-use… (4.3)
https://owncloud.com/security-advisories/improper-validation-in-the-use… (4.3)
https://owncloud.com/security-advisories/biometric-authentication-bypas… (4.0)

OpenStack Storlets
https://nvd.nist.gov/vuln/detail/CVE-2024-28717 (n/a)

Medium

Dell ThinOS 2402
https://nvd.nist.gov/vuln/detail/CVE-2024-28963 (6.2)

Watchdog Antivirus
https://nvd.nist.gov/vuln/detail/CVE-2024-1241 (5.5)

IBM Cloud Pak for Security
https://nvd.nist.gov/vuln/detail/CVE-2023-47731 (5.4)

Cisco IOS / IOS XE Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.3)

Moby
https://nvd.nist.gov/vuln/detail/CVE-2024-32473 (4.7)

OpenStack Ironic
https://nvd.nist.gov/vuln/detail/CVE-2024-31463 (4.7)

Hitachi Ops Center Administrator
https://nvd.nist.gov/vuln/detail/CVE-2023-6833 (4.4)

BlazeMeter Jenkins plugin
https://nvd.nist.gov/vuln/detail/CVE-2024-3825 (4.3)

Octopus Deploy
https://nvd.nist.gov/vuln/detail/CVE-2023-4509 (4.3)

Check Point ZoneAlarm Extreme Security NextGen / Identity Agent for Windows / Identity Agent for Windows Terminal Server
https://nvd.nist.gov/vuln/detail/CVE-2024-24910 (medium)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-26910 (n/a)

Zimbra Collaboration
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes (n/a)