Kwetsbaarheden - Week 25

Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.

Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.

Critical & High

Elastic Kibana
https://discuss.elastic.co/t/kibana-7-17-22-8-14-0-security-update-esa-2024-17/361508 (9.9)
https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update/361502 (6.1)
https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460 (4.9)
https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 (4.3)

VMware vCenter Server
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 (9.8-7.8)

Dell OS10 Networking Switches
https://www.dell.com/support/kbdoc/en-us/000225922/dsa-2024-087-security-update-for-dell-networking-os10-vulnerability (8.8) 

Jupyter JupyterHub
https://nvd.nist.gov/vuln/detail/CVE-2024-37300 (8.1)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2024-37882 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-37313 (7.3)

Cillium
https://nvd.nist.gov/vuln/detail/CVE-2024-37307 (7.9)

Dell Client Platform BIOS / BIOS
https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125 (7.5)
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 (7.5)
https://www.dell.com/support/kbdoc/de-de/000224763/dsa-2024-122 (6.8)
https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067 (5.1)
https://www.dell.com/support/kbdoc/de-de/000225476/dsa-2024-168 (4.7)

Dell Secure Connect Gateway Policy Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-37131 (7.5)

Telemetry Dashboard for Dell ThinOS 2402
https://nvd.nist.gov/vuln/detail/CVE-2024-30472 (7.5) 

Atlassian Jira Core Data Center
https://nvd.nist.gov/vuln/detail/CVE-2024-21685 (7.4)

IBM Cloud Pak for Security
https://nvd.nist.gov/vuln/detail/CVE-2023-47726 (7.1)

Medium

Palo Alto Networks Cortex XDR Agent (Windows)
https://security.paloaltonetworks.com/CVE-2024-5909 (6.8) 
https://nvd.nist.gov/vuln/detail/CVE-2024-5907 (5.2)

Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2024-5741 (6.5) 

Gitlab CE/EE
https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/ (6.5-4.4)

Nextcloud OpenID
https://nvd.nist.gov/vuln/detail/CVE-2024-37312 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-37886 (5.4)

Citrix XenServer / Hypervisor
https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661 (5.9) 

389-ds-base LDAP server
https://nvd.nist.gov/vuln/detail/CVE-2024-5953 (5.7)

Devolutions Remote Desktop Manager
https://devolutions.net/security/advisories/DEVO-2024-0008 (5.7)

Palo Alto Networks GlobalProtect App
https://security.paloaltonetworks.com/CVE-2024-5908 (5.5)
https://security.paloaltonetworks.com/CVE-2024-5907 (5.2)

Dell Secure Connect Gateway (SCG)
https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities (5.4-4.3)

Palo Alto Networks Prisma Cloud Compute
https://nvd.nist.gov/vuln/detail/CVE-2024-5906 (4.8)

Nextcloud OpenID Connect
https://nvd.nist.gov/vuln/detail/CVE-2024-37886 (5.4)

NetApp StorageGRID
https://security.netapp.com/advisory/ntap-20240614-0010/ (5.3)

Palo Alto Networks Prisma Cloud Compute
https://security.paloaltonetworks.com/CVE-2024-5906 (4.8)

Nextcloud Calendar
https://nvd.nist.gov/vuln/detail/CVE-2024-37316 (4.6)

Nextcloud Notes
https://nvd.nist.gov/vuln/detail/CVE-2024-37317 (4.6)

Acronis Cloud Manager (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2024-34012 (4.4)

NextCloud Deck
https://nvd.nist.gov/vuln/detail/CVE-2024-37883 (4.3)

Zoom Workplace / Rooms / Meeting SDK
https://www.zoom.com/en/trust/security-bulletin/zsb-24016/ (4.3)
https://www.zoom.com/en/trust/security-bulletin/zsb-24017/ (4.3)
https://www.zoom.com/en/trust/security-bulletin/zsb-24018/ (4.3)

HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2024-5798 (n/a)