Vulnerabilities - Week 43

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has judged to be relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Jenkins diverse plugins
https://www.jenkins.io/security/advisory/2022-10-19/ (9.9-4.3)

Aruba ArubaOS / SD-WAN
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-016.txt (9.8-4.4)

Exim
https://nvd.nist.gov/vuln/detail/CVE-2022-3620 (9.8)

VMware Cloud Foundation (NSX-V)
https://www.vmware.com/security/advisories/VMSA-2022-0027.html (9.8-5.3)

Adobe Commerce / Magento
https://nvd.nist.gov/vuln/detail/CVE-2022-42344 (8.8)

F5OS
https://nvd.nist.gov/vuln/detail/CVE-2022-41835 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-41780 (5.5)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2022-23734 (8.8)

SolarWinds Platform
https://nvd.nist.gov/vuln/detail/CVE-2022-36958 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38108 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-36957 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-36966 (5.4)

Cisco Meraki MX and Z3 Teleworker Gateway VPN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.6)

Azure CLI
https://nvd.nist.gov/vuln/detail/CVE-2022-39327 (8.1)

NetApp ONTAP
https://nvd.nist.gov/vuln/detail/CVE-2022-23241 (8.1)

baramundi Management Agent (bMA)
https://nvd.nist.gov/vuln/detail/CVE-2022-43747 (8.0)

Broadcom Brocade Fabric OS
https://nvd.nist.gov/vuln/detail/CVE-2022-33182 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-33185 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28169 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-33178 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-33183 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-28170 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-33184 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-33179 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-33180 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-33181 (5.5)

Automox Agent
https://nvd.nist.gov/vuln/detail/CVE-2022-36122 (7.8)

F5 NGINX Plus / Open Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41741 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-41742 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-41743 (7.0)

Dell EMC PowerScale OneFS
https://www.dell.com/support/kbdoc/nl-nl/000204053/dsa-2022-245-dell-em… (7.5-6.7)
https://www.dell.com/support/kbdoc/nl-nl/000201094/dsa-2022-149-dell-em… (4.4)

F5 BIG-IP
https://nvd.nist.gov/vuln/detail/CVE-2022-41624 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41832 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41833 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-36795 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-41743 (4.9)

F5 BIG-IP Advanced WAF / ASM
https://nvd.nist.gov/vuln/detail/CVE-2022-41836 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41691 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41617 (7.2)

F5 BIG-IP AFM / PEM
https://nvd.nist.gov/vuln/detail/CVE-2022-41813 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41813 (6.5)

F5 BIG-IP DNS
https://nvd.nist.gov/vuln/detail/CVE-2022-41787 (7.5)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-3639 (7.5)

Redis
https://nvd.nist.gov/vuln/detail/CVE-2022-3647 (7.5)

Cisco Identity Services Engine (ISE)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.1)

Medium

F5 BIG-IP / BIG-IQ
https://nvd.nist.gov/vuln/detail/CVE-2022-41770 (6.5)

oVirt
https://nvd.nist.gov/vuln/detail/CVE-2022-2805 (6.5)

Flux
https://nvd.nist.gov/vuln/detail/CVE-2022-39272 (4.3)

VMware Reactor Netty
https://nvd.nist.gov/vuln/detail/CVE-2022-31684 (4.3)

OX App Suite
https://nvd.nist.gov/vuln/detail/CVE-2022-31468 (n/a)