Security Framework Assessments

Department of Defense contractors must prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify gaps and develop a specific plan to meet these new compliance requirements.

Our trained and experienced consultants will perform a baseline assessment of your organization against the same criteria used in NIST SP 800-171 and CMMC audits. We will meet with your management, administrative and operational staff to help you align the assessment results with your capabilities and timelines, and to make specific recommendations that will help you reach your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names and impact metrics.

Last 20 scored vulnerability identifiers and summaries

CVE-2019-16780 – WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the…
Published: Dec 26, 2019 | Updated: Nov 23, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-32060 – An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
Published: Jul 07, 2022 | Updated: Nov 23, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-19221 – In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a…
Published: Nov 21, 2019 | Updated: Nov 22, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-0185 – Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500…
Published: Nov 14, 2019 | Updated: Nov 21, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2017-2127 – Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: Apr 28, 2017 | Updated: Nov 21, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-8017 – A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE…
Published: Apr 02, 2020 | Updated: Nov 21, 2022
CVSS Severity
V2.0: 3.3 LOW

CVE-2020-12866 – A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause…
Published: Jun 24, 2020 | Updated: Nov 21, 2022
CVSS Severity
V2.0: 2.7 LOW

CVE-2020-25596 – An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various…
Published: Sep 23, 2020 | Updated: Nov 21, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2022-2060 – Cross-site Scripting (XSS) – Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
Published: Jun 13, 2022 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2017-1000509 – Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Published: Feb 09, 2018 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-19992 – A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST)…
Published: Jan 03, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-19995 – A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST)…
Published: Jan 03, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-16685 – Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions"…
Published: Sep 27, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-16686 – Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Published: Sep 27, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-16687 – Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and…
Published: Sep 27, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-16688 – Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin….
Published: Sep 27, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-17576 – An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all…
Published: Oct 16, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-17577 – An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used…
Published: Oct 16, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-17578 – An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email…
Published: Oct 16, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-19206 – Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
Published: Nov 26, 2019 | Updated: Nov 17, 2022
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don't go with your gut; use real data to make informed technology decisions.

Your organization's technology and security start with understanding your current performance. Use our Health Check to assess the overall health and security of your organization and get a clear roadmap for improvement.