Advisories

The NCSC was recently recognised by the competent independent US organisation, MITRE as a CVE Numbering Authority on 29 September 2021. In this role, the NCSC is responsible for preparing and publishing information about the vulnerabilities reported to it and the associated CVE records. This means that the NCSC is not only the official contact point for reporting security vulnerabilities in Switzerland, but also maintains their CVE IDs for international exchange.

Vulnerabilities / CVE

Multi Factor Authentication Bypass in various versions of Abacus ERP

Published: 19. April 2022
Severity : 8.1 HIGH

MITRE: CVE-2022-1065

Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads

Published: 14. April 2022
Severity : 6.5 MEDIUM

MITRE: CVE-2022-1279

Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service

Published: 12. April 2022
Severity : 4.6 MEDIUM

MITRE: CVE-2022-0878

Reflected XSS in the search the functionality of AlCoda NetBiblio WebOPAC

Published: 14. January 2022
Severity: 6.1 MEDIUM

MITRE: CVE-2021-42551

Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback

Published: 16. December 2021
Severity: 6.6 MEDIUM

MITRE: CVE-2021-42550

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Use-Your-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42546

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Out-of-the-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42547

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Share-one-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42548

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Lets-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42549

Missing HTTPOnly flag on sensitive cookie in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42115

Unauthorized Menu Item Access in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42116

UI Redressing in TopEase

Published: 30. November 2021
Severity: 3.5 - low

MITRE: CVE-2021-42117

Stored XSS in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42118

Stored XSS in Search Function in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42119

Missing Character Length (Denial of Service) in TopEase

Published: 30. November 2021
Severity: 6.5 - medium

MITRE: CVE-2021-42120

Denial of Service via Invalid Date Format in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42121

Denial of Service via Invalid Object Attribute in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42122

Missing Upload Filter in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42123

Lack of Rate limiting in Authentication in TopEase

Published: 30. November 2021
Severity: 7.5 - high

MITRE: CVE-2021-42144

Insufficient Session Expiration in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42145

Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices

Published: 15. November 2021
Severity: 9.0 - critical

MITRE: CVE-2021-42114

Last modification 19.04.2022

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/advisories.html