Identified vulnerabilities (CVEs) in vulnscan

Vulnerabilities are selectively added to the vulnscan category when exploitation is likely and poses a significant threat to entreprise networks.

We aim to deploy detection capability before mass-exploitation of a vulnerability is observed. The following criteria are used as a binary-scoring system to determine if a vulnerability will be added to vulnscan:

• unauthenticated : exploitation occurs before authentication or enables authentication bypass
• remote access : exploiting the vulnerability directly or indirectly allows for remote code execution (RCE)
• massively deployed : the number of potentially vulnerable systems exposed on the Internet is significant
• identifiable : potentially vulnerable systems can be identified before an exploitation attempt is made
• used by entreprises and governments : the technology is used by businesses and on public-sector networks (ie. typically not SOHO devices)
• exploit reliability : the vulnerability can be exploited reliably outside the lab

Threat intelligence from private and public sources is used to complement these criteria. The existence of published exploit code for the vulnerability is not a selection criteria, because if all other criteria are met then mass exploitation is likely to be imminent whether an exploit PoC has been published or not.

The following CVEs are identified by the vulnscan category of information. CVEs are either detected by an active, innocuous and non-intrusive check (check-based) or by specific version detection techniques (version-based):

• category:vulnscan cve:CVE-2010-4344
• category:vulnscan cve:CVE-2018-6789
• category:vulnscan cve:CVE-2018-9276
• category:vulnscan cve:CVE-2018-13379
• category:vulnscan cve:CVE-2019-7481
• category:vulnscan cve:CVE-2019-10149
• category:vulnscan cve:CVE-2019-11510
• category:vulnscan cve:CVE-2019-16928
• category:vulnscan cve:CVE-2019-18935
• category:vulnscan cve:CVE-2019-19781
• category:vulnscan cve:CVE-2020-2021
• category:vulnscan cve:CVE-2020-3187
• category:vulnscan cve:CVE-2020-3259
• category:vulnscan cve:CVE-2020-3580
• category:vulnscan cve:CVE-2020-5902
• category:vulnscan cve:CVE-2020-6287
• category:vulnscan cve:CVE-2020-8193
• category:vulnscan cve:CVE-2020-8195
• category:vulnscan cve:CVE-2020-8196
• category:vulnscan cve:CVE-2020-8209
• category:vulnscan cve:CVE-2020-10148
• category:vulnscan cve:CVE-2020-14882
• category:vulnscan cve:CVE-2020-12640
• category:vulnscan cve:CVE-2020-12641
• category:vulnscan cve:CVE-2021-20028
• category:vulnscan cve:CVE-2021-20034
• category:vulnscan cve:CVE-2021-21972
• category:vulnscan cve:CVE-2021-21973
• category:vulnscan cve:CVE-2021-21985
• category:vulnscan cve:CVE-2021-26855
• category:vulnscan cve:CVE-2021-31207
• category:vulnscan cve:CVE-2021-34473
• category:vulnscan cve:CVE-2021-34523
• category:vulnscan cve:CVE-2021-35211
• category:vulnscan cve:CVE-2021-40539
• category:vulnscan cve:CVE-2021-44228
• category:vulnscan cve:CVE-UNKNOWN-20211201
• category:vulnscan cve:CVE-2022-1388
• category:vulnscan cve:CVE-2022-22954
• category:vulnscan cve:CVE-2022-26134
• category:vulnscan cve:CVE-2022-27518
• category:vulnscan cve:CVE-2022-27925
• category:vulnscan cve:CVE-2022-35914
• category:vulnscan cve:CVE-2022-36537
• category:vulnscan cve:CVE-2022-37042
• category:vulnscan cve:CVE-2022-40684
• category:vulnscan cve:CVE-2022-41040
• category:vulnscan cve:CVE-2022-41082
• category:vulnscan cve:CVE-2022-42475
• category:vulnscan cve:CVE-2022-47986
• category:vulnscan cve:CVE-2023-0669
• category:vulnscan cve:CVE-2023-3519
• category:vulnscan cve:CVE-2023-4966
• category:vulnscan cve:CVE-2023-7028
• category:vulnscan cve:CVE-2023-20032
• category:vulnscan cve:CVE-2023-20198
• category:vulnscan cve:CVE-2023-22515
• category:vulnscan cve:CVE-2023-22518
• category:vulnscan cve:CVE-2023-23752
• category:vulnscan cve:CVE-2023-25610
• category:vulnscan cve:CVE-2023-26359
• category:vulnscan cve:CVE-2023-26360
• category:vulnscan cve:CVE-2023-29298
• category:vulnscan cve:CVE-2023-27350
• category:vulnscan cve:CVE-2023-27351
• category:vulnscan cve:CVE-2023-27524
• category:vulnscan cve:CVE-2023-27898
• category:vulnscan cve:CVE-2023-27997
• category:vulnscan cve:CVE-2023-34123
• category:vulnscan cve:CVE-2023-34124
• category:vulnscan cve:CVE-2023-34133
• category:vulnscan cve:CVE-2023-34134
• category:vulnscan cve:CVE-2023-34137
• category:vulnscan cve:CVE-2023-34362
• category:vulnscan cve:CVE-2023-35078
• category:vulnscan cve:CVE-2023-35081
• category:vulnscan cve:CVE-2023-36845
• category:vulnscan cve:CVE-2023-37470
• category:vulnscan cve:CVE-2023-38646
• category:vulnscan cve:CVE-2023-39143
• category:vulnscan cve:CVE-2023-41265
• category:vulnscan cve:CVE-2023-41266
• category:vulnscan cve:CVE-2023-42793
• category:vulnscan cve:CVE-2023-42802
• category:vulnscan cve:CVE-2023-43177
• category:vulnscan cve:CVE-2023-43208
• category:vulnscan cve:CVE-2023-46604
• category:vulnscan cve:CVE-2023-46805
• category:vulnscan cve:CVE-2023-48788
• category:vulnscan cve:CVE-2023-49103
• category:vulnscan cve:CVE-2024-0204
• category:vulnscan cve:CVE-2024-1708
• category:vulnscan cve:CVE-2024-1709
• category:vulnscan cve:CVE-2024-3400
• category:vulnscan cve:CVE-2024-4040
• category:vulnscan cve:CVE-2024-21887
• category:vulnscan cve:CVE-2024-21888
• category:vulnscan cve:CVE-2024-21893
• category:vulnscan cve:CVE-2024-23917
• category:vulnscan cve:CVE-2024-24919
• category:vulnscan cve:CVE-2024-27198
• category:vulnscan cve:CVE-2024-27199
• category:vulnscan cve:CVE-2024-36401

CVEs by product vendors

Adobe

• CVE-2023-26359: Adobe ColdFusion - check-based
• CVE-2023-26360: Adobe ColdFusion - check-based
• CVE-2023-29298: Adobe ColdFusion - check-based

Apache

• CVE-2023-27524: Apache Superset - version-based
• CVE-2023-46604: Apache ActiveMQ - version-based - CISA KEV catalog

Atlassian

• CVE-2022-26134: Atlassian Confluence - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2023-22515: Atlassian Confluence - version-based - CISA KEV catalog
• CVE-2023-22518: Atlassian Confluence - version-based - CISA KEV catalog

CheckPoint

• CVE-2024-24919: CheckPoint VPN Servers (multiple products) - check-based - CISA KEV catalog

Cisco

• CVE-2020-3187: Cisco ASA - check-based
• CVE-2020-3259: Cisco ASA - check-based - CISA KEV catalog
• CVE-2020-3580: Cisco ASA - check-based - CISA KEV catalog
• CVE-2023-20198: Cisco IOS XE - check-based - CISA KEV catalog

Citrix

• CVE-2019-19781: Citrix Gateway (shitrix) - check-based - CISA KEV catalog
• CVE-2020-8193: Citrix Gateway - version-based - CISA KEV catalog
• CVE-2020-8195: Citrix Gateway - version-based - CISA KEV catalog
• CVE-2020-8196: Citrix Gateway - version-based - CISA KEV catalog
• CVE-2020-8209: Citrix XenMobile Server - check-based
• CVE-2022-27518: Citrix Gateway - version-based - CISA KEV catalog
• CVE-2023-3519: Citrix Gateway - version-based - CISA KEV catalog
• CVE-2023-4966: Citrix Gateway - version-based - CISA KEV catalog

ConnectWise Control

• CVE-2024-1708: ConnectWise Control (ScreenConnect) - version-based
• CVE-2024-1709: ConnectWise Control (ScreenConnect) - version-based - CISA KEV catalog

CrushFTP

• CVE-2023-43177: CrushFTP CrushFTP - check-based
• CVE-2024-4040: CrushFTP CrushFTP - check-based

Exim

• CVE-2010-4344: Exim Exim - version-based - CISA KEV catalog
• CVE-2018-6789: Exim Exim - version-based - CISA KEV catalog
• CVE-2019-10149: Exim Exim - version-based - CISA KEV catalog
• CVE-2019-16928: Exim Exim - version-based - CISA KEV catalog

F5 Networks

• CVE-2020-5902: F5 Networks BIGIP - check-based - CISA KEV catalog
• CVE-2022-1388: F5 Networks BIGIP - check-based - CISA KEV catalog

Fortinet

• CVE-2018-13379: Fortinet FortiGate - check-based - CISA KEV catalog
• CVE-2022-40684: Fortinet FortiGate - check-based - CISA KEV catalog
• CVE-2022-42475: Fortinet FortiGate - version-based - CISA KEV catalog
• CVE-2023-25610: Fortinet FortiGate - version-based
• CVE-2023-27997: Fortinet FortiGate - version-based - CISA KEV catalog
• CVE-2023-48788: Fortinet FortiClient - version-based - CISA KEV catalog

Fortra

• CVE-2023-0669: Fortra GoAnywhere MFT - version-based - CISA KEV catalog
• CVE-2024-0204: Fortra GoAnywhere MFT - version-based

GeoServer GeoServer

• CVE-2024-36401: GeoServer GeoServer - version-based - CISA KEV catalog

Gitlab Gitlab

• CVE-2023-7028: Gitlab Gitlab - version-based

GLPI-Project

• CVE-2022-35914: GLPI-Project GLPI - check-based - CISA KEV catalog, ANSSI TOP 10
• CVE-2023-42802: GLPI-Project GLPI - version-based

IBM

• CVE-2022-47986: IBM Aspera Faspex - version-based - CISA KEV catalog

Jenkins

• CVE-2023-27898: Jenkins Jenkins (coreplague) - version-based

JetBrains

• CVE-2023-42793: JetBrains TeamCity - version-based - CISA KEV catalog
• CVE-2024-23917: JetBrains TeamCity - version-based
• CVE-2024-27198: JetBrains TeamCity - version-based
• CVE-2024-27199: JetBrains TeamCity - version-based

Joomla

• CVE-2023-23752: Joomla Joomla! - check-based

Juniper

• CVE-2023-36845: Juniper SRX - check-based

Metabase

• CVE-2023-37470: Metabase Metabase - version-based
• CVE-2023-38646: Metabase Metabase - version-based

Microsoft

• CVE-2021-26855: Microsoft Exchange Server (proxylogon) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
• CVE-2021-31207: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
• CVE-2021-34473: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
• CVE-2021-34523: Microsoft Exchange Server (proxyshell) - check-based + version-based - CISA KEV catalog, ANSSI TOP10
• CVE-2022-41040: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10
• CVE-2022-41082: Microsoft Exchange Server (proxynotshell) - version-based - CISA KEV catalog, ANSSI TOP10

MobileIron

NOTE: log4shell checks are only active for on-demand scans:

• CVE-2021-44228: MobileIron Core (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2023-35078: MobileIron Core - version-based - CISA KEV catalog
• CVE-2023-35081: MobileIron Core - version-based - CISA KEV catalog

MOVEit

• CVE-2023-34362: MOVEit MOVEit - version-based - CISA KEV catalog

NextGen

• CVE-2023-43208: NextGen Mirth Connect - version-based

Oracle

• CVE-2020-14882: Oracle Weblogic - check-based - CISA KEV catalog

ownCloud

• CVE-2023-49103: ownCloud ownCloud - check-based - CISA KEV catalog

Paessler AG

• CVE-2018-9276: Paessler AG PRTG Network Monitor - version-based

PaloAltoNetworks

• CVE-2020-2021: PaloAltoNetworks GlobalProtect - version-based - CISA KEV catalog
• CVE-2024-3400: PaloAltoNetworks GlobalProtect - version-based - CISA KEV catalog

PaperCut

• CVE-2023-27350: PaperCut PaperCut - version-based - CISA KEV catalog
• CVE-2023-27351: PaperCut PaperCut - version-based - CISA KEV catalog
• CVE-2023-39143: PaperCut PaperCut - version-based

PulseSecure

• CVE-2019-11510: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
• CVE-2023-46805: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
• CVE-2024-21887: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
• CVE-2024-21888: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog
• CVE-2024-21893: PulseSecure Pulse Connect Secure - check-based - CISA KEV catalog

Qlik

• CVE-2023-41265: Qlik Qlik Sense - check-based - CISA KEV catalog
• CVE-2023-41266: Qlik Qlik Sense - check-based - CISA KEV catalog

Roundcube

• CVE-2020-12640: Roundcube Webmail - version-based - CISA KEV catalog
• CVE-2020-12641: Roundcube Webmail - version-based - CISA KEV catalog

SAP

• CVE-2020-6287: SAP Netweaver Application Server Java (recon) - check-based - CISA KEV catalog

SonicWall

• CVE-2019-7481: SonicWall SMA - version-based - CISA KEV catalog
• CVE-2021-20028: SonicWall SMA - version-based - CISA KEV catalog
• CVE-2021-20034: SonicWall SMA - version-based
• CVE-2023-34123: SonicWall GMS - check-based
• CVE-2023-34124: SonicWall GMS - check-based
• CVE-2023-34133: SonicWall GMS - check-based
• CVE-2023-34134: SonicWall GMS - check-based
• CVE-2023-34137: SonicWall GMS - check-based

SolarWinds

• CVE-2020-10148: SolarWinds Orion Platform (supernova) - check-based - CISA KEV catalog
• CVE-2021-35211: SolarWinds Serv-U - version-based - CISA KEV catalog

Telerik

• CVE-2019-18935: Telerik UI for ASP.NET AJAX - version-based - CISA KEV catalog

VMware

NOTE: log4shell checks are only active for on-demand scans:

• CVE-2021-21972: VMware vCenter Server - check-based - CISA KEV catalog
• CVE-2021-21973: VMware vCenter Server - check-based - CISA KEV catalog
• CVE-2021-21985: VMware vCenter Server - check-based - CISA KEV catalog
• CVE-2021-44228: VMware vCenter Server (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2021-44228: VMware Horizon View (log4shell) - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2022-22954: VMware Workspace ONE Access - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-UNKNOWN-20211201: VMware vCenter Server - check-based

Zimbra

• CVE-2022-27925: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2022-37042: Zimbra Collaboration Server - check-based - CISA KEV catalog, ANSSI TOP10
• CVE-2023-20032: Zimbra Collaboration Server - version-based

ZKoss

• CVE-2022-36537: ZKoss ZK Framework - version-based - CISA KEV catalog

ZohoCorp

• CVE-2021-40539: ZohoCorp ManageEngine ADSelfService Plus - check-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine ADManager Plus - version-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine ADSelfService Plus - version-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine ServiceDesk Plus - version-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine ServiceDesk Plus MSP - version-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine SupportCenter Plus - version-based - CISA KEV catalog
• CVE-2022-47966: ManageEngine AssetExplorer - version-based - CISA KEV catalog