Skip to main content

Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries

CVE-2022-34212 – A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-32987 – Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34198 – Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34197 – Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34196 – Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-1353 – A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access… Read More
Published: Apr 29, 2022 | Updated: Jun 29, 2022
CVSS Severity
V3.1: 7.1 HIGH
V2.0: 3.6 LOW

CVE-2022-34195 – Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34194 – Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34193 – Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34192 – Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34191 – Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34190 – Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34176 – Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2017-20085 – A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-34183 – Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2021-46824 – Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-20651 – A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in… Read More
Published: Jun 22, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-41432 – A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-33113 – Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the… Read More
Published: Jun 23, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-30874 – There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Read More
Published: Jun 21, 2022 | Updated: Jun 29, 2022
CVSS Severity
V2.0: 3.5 LOW

Health Check

Don’t just go with your gut, use real data to make informed technology decisions.

Your organization’s technology and safety starts by understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.