Wietse Boonstra
Role: Research unit manager Level 3Articles / cases / cves
CSIRT Cases
- DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
- DIVD-2022-00025 - VMware - CVE-2022-22954
- DIVD-2022-00010 - Auth bypass in SAP
- DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
- DIVD-2021-00038 - Apache Log4j2
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00029 - Smartertrack
- DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
- DIVD-2021-00014 - Kaseya Unitrends
- DIVD-2021-00011 - Kaseya VSA Disclosure
- DIVD-2021-00006 - SmarterMail
- DIVD-2021-00002 - Kaseya VSA
- DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
CVEs discovered
- CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
- CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
- CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
- CVE-2021-26474 - UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
- CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
- CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
- CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
- CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
- CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
- CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
- CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
- CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS
- CVE-2021-32234 - SmarterTools SmarterMail before Build 7776 allows RCE
- CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
- CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
- CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
- CVE-2021-43977 - SmarterTools SmarterMail before 100.0.7803 allows XSS
- CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
- CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
- CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
- CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010