Security Framework Assessments

Department of Defense contractors must prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify gaps and develop a specific plan to meet these new compliance requirements.

Our trained and experienced consultants will perform an initial assessment of your organization against the same criteria used in NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your capabilities and timelines, and to make specific recommendations that will help you reach your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 scored vulnerability IDs and summaries

CVE-2021-24705 – The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its…
Published: Dec 13, 2021 | Updated: Mar 17, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-3595 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur…
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3594 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur…
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3593 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur…
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-3592 – An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur…
Published: Jun 15, 2021 | Updated: Mar 15, 2023
CVSS Severity
V3.1: 3.8 LOW
V2.0: 2.1 LOW

CVE-2021-37208 – A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,…
Published: Mar 08, 2022 | Updated: Mar 14, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-21303 – Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes…
Published: Feb 05, 2021 | Updated: Mar 13, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-1949 – A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)…
Published: Aug 08, 2019 | Updated: Mar 08, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-0350 – Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
Published: Mar 31, 2022 | Updated: Mar 07, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1290 – Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the…
Published: Apr 10, 2022 | Updated: Mar 07, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-3764 – In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The…
Published: Jul 05, 2018 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-3829 – In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an…
Published: Sep 19, 2018 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-3823 – X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data…
Published: Sep 19, 2018 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-6681 – Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML…
Published: Jul 17, 2018 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2020-24588 – The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in…
Published: May 11, 2021 | Updated: Mar 04, 2023
CVSS Severity
V3.1: 3.5 LOW
V2.0: 2.9 LOW

CVE-2022-24588 – Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
Published: Feb 15, 2022 | Updated: Mar 04, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-11884 – The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory…
Published: May 10, 2019 | Updated: Mar 03, 2023
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

CVE-2019-4410 – IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
Published: Jul 01, 2019 | Updated: Mar 03, 2023
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-0182 – Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
Published: Jun 13, 2019 | Updated: Mar 03, 2023
CVSS Severity
V3.1: 3.3 LOW
V2.0: 2.1 LOW

CVE-2019-14415 – An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to…
Published: Jul 29, 2019 | Updated: Mar 03, 2023
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don't go with your gut; use real data to make informed technology decisions.

Your organization's technology and security start with understanding your current performance. Use our Health Check to assess your organization's overall health and security and get a clear roadmap for improvement.