Wietse Boonstra
Role: Research unit manager (Level 3)
CSIRT Cases
- DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
- DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
- DIVD-2022-00025 - VMware - CVE-2022-22954
- DIVD-2022-00010 - Auth bypass in SAP
- DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
- DIVD-2021-00038 - Apache Log4j2
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00029 - Smartertrack
- DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
- DIVD-2021-00020 - OSNEXUS QuantaStor limited disclosure and product warning
- DIVD-2021-00014 - Kaseya Unitrends
- DIVD-2021-00011 - Kaseya VSA Disclosure
- DIVD-2021-00006 - SmarterMail
- DIVD-2021-00002 - Kaseya VSA
- DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
CVEs discovered
- CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
- CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
- CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
- CVE-2021-26474 - Unauthenticated server-side request forgery in Vembu products
- CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
- CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
- CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
- CVE-2021-30119 - Authenticated reflective XSS in Kaseya VSA <= v9.5.6
- CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
- CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
- CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
- CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
- CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
- CVE-2021-40385 - Privilege escalation from read-only user to admin in Kaseya Unitrends Backup Server < 10.5.5-2
- CVE-2021-40386 - Remote code execution in Unitrends Client prior to v10.6.2
- CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
- CVE-2021-42079 - SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- CVE-2021-42080 - Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- CVE-2021-42081 - Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
- CVE-2021-42082 - Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
- CVE-2021-42083 - Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
- CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
- CVE-2021-4406 - Authenticated Remote Command Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
- CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
- CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
- CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
- CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010