Wietse Boonstra

Role: Research unit manager Level 3

Articles / cases / cves

CSIRT Cases

• DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
• DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
• DIVD-2022-00025 - VMware - CVE-2022-22954
• DIVD-2022-00010 - Auth bypass in SAP
• DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
• DIVD-2021-00038 - Apache Log4j2
• DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
• DIVD-2021-00029 - Smartertrack
• DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
• DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning
• DIVD-2021-00014 - Kaseya Unitrends
• DIVD-2021-00011 - Kaseya VSA Disclosure
• DIVD-2021-00006 - SmarterMail
• DIVD-2021-00002 - Kaseya VSA
• DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR

CVEs discovered

• CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
• CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
• CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
• CVE-2021-26474 - UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
• CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
• CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
• CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
• CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
• CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
• CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
• CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
• CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
• CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
• CVE-2021-40385 - Privilege escalation from read-only user to admin in Kaseya Unitrends Backup Server < 10.5.5-2
• CVE-2021-40386 - Remote code execution in Unitrends Client prior to v10.6.2
• CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
• CVE-2021-42079 - SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42080 - Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42081 - Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42082 - Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42083 - Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
• CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
• CVE-2021-4406 - Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
• CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
• CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
• CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
• CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010

CVEs contributed to

• CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
• CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
• CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows