Skip to main content

Evaluaciones del marco de seguridad

Los contratistas del Departamento de Defensa deben prepararse ahora para la nueva Certificación del Modelo de Madurez de Ciberseguridad (CMMC) que se requerirá para presentar ofertas en contratos futuros. UNS puede ayudarlo a identificar deficiencias y desarrollar un plan específico para cumplir con estos nuevos requisitos de cumplimiento.

Nuestros consultores capacitados y experimentados realizarán una evaluación inicial de su organización según los mismos criterios utilizados en las auditorías NIST SP 800-171 y CMMC. Nos reuniremos con su personal gerencial, administrativo y operativo para ayudarlo a alinear los resultados de la evaluación con sus habilidades y plazos para hacer recomendaciones específicas que lo ayudarán a alcanzar sus objetivos de cumplimiento.

Base de datos de vulnerabilidades del NIST

El NVD es el repositorio del gobierno de EE. UU. de datos de gestión de vulnerabilidades basados en estándares representados mediante el Protocolo de automatización de contenido de seguridad (SCAP). Estos datos permiten la automatización de la gestión de vulnerabilidades, la medición de la seguridad y el cumplimiento. El NVD incluye bases de datos de referencias de listas de verificación de seguridad, fallas de software relacionadas con la seguridad, configuraciones incorrectas, nombres de productos y métricas de impacto.

Últimos 20 identificadores de vulnerabilidad puntuados y resúmenes

CVE-2022-31303 – maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Read More
Published: Jun 21, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-0544 – An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a… Read More
Published: Feb 24, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 2.6 LOW

CVE-2022-32159 – In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. Read More
Published: Jun 22, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-30874 – There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-25585 – Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-31302 – maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-23072 – In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food… Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1945 – The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1717 – The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1818 – The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1915 – The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-23074 – In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When… Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-23073 – In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food… Read More
Published: Jun 21, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1896 – The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it,… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1889 – The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1831 – The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1830 – The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make… Read More
Published: Jun 20, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-33981 – drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in… Read More
Published: Jun 18, 2022 | Updated: Jun 28, 2022
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

CVE-2017-20056 – A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation… Read More
Published: Jun 16, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2017-20055 – A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic… Read More
Published: Jun 16, 2022 | Updated: Jun 28, 2022
CVSS Severity
V2.0: 3.5 LOW

Chequeo de salud

No siga su instinto, use datos reales para tomar decisiones tecnológicas informadas.

La tecnología y la seguridad de su organización comienzan con la comprensión de su desempeño actual. Utilice nuestro Health Check para evaluar la salud y la seguridad generales de su organización y obtenga una hoja de ruta clara para la mejora.