Security Framework Assessments

Department of Defense contractors need to prepare now for the new Cybersecurity Maturity Model Certification (CMMC) that will be required to bid on future contracts. UNS can help you identify shortcomings and develop a targeted plan to meet these new compliance requirements.

Our trained and experienced consultants will conduct an initial assessment of your organization against the same criteria used in the NIST SP 800-171 and CMMC audits. We will meet with your management, administrative, and operational staff to help you align the assessment results with your abilities and timelines to make targeted recommendations that will help you meet your compliance goals.

NIST Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries

CVE-2021-3753 – A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt…
Published: Feb 16, 2022 | Updated: Dec 07, 2022
CVSS Severity
V2.0: 1.9 LOW

CVE-2021-40528 – The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime…
Published: Sep 06, 2021 | Updated: Dec 07, 2022
CVSS Severity
V2.0: 2.6 LOW

CVE-2021-3598 – There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an…
Published: Jul 06, 2021 | Updated: Dec 07, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-2614 – Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior…
Published: Apr 23, 2019 | Updated: Dec 07, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-21704 – log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile…
Published: Jan 19, 2022 | Updated: Dec 06, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2022-28386 – An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20…
Published: Jun 08, 2022 | Updated: Dec 06, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2021-2372 – Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior….
Published: Jul 21, 2021 | Updated: Dec 06, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2018-3174 – Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior,…
Published: Oct 17, 2018 | Updated: Dec 06, 2022
CVSS Severity
V2.0: 1.9 LOW

CVE-2020-14393 – A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300…
Published: Sep 16, 2020 | Updated: Dec 06, 2022
CVSS Severity
V3.1: 7.1 HIGH
V2.0: 3.6 LOW

CVE-2018-3284 – Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior….
Published: Oct 17, 2018 | Updated: Dec 06, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-3938 – Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export…
Published: Apr 30, 2019 | Updated: Dec 06, 2022
CVSS Severity
V3.1: 7.8 HIGH
V2.0: 2.1 LOW

CVE-2020-14367 – A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd…
Published: Aug 24, 2020 | Updated: Dec 06, 2022
CVSS Severity
V3.1: 6 MEDIUM
V2.0: 3.6 LOW

CVE-2019-4030 – IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web…
Published: Mar 06, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-4029 – IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web…
Published: Mar 05, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-4028 – IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web…
Published: Mar 05, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-4039 – IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error…
Published: May 23, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 2.1 LOW

CVE-2019-4011 – IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
Published: May 20, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-4033 – IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
Published: Apr 25, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2019-4027 – IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web…
Published: Mar 05, 2019 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 3.5 LOW

CVE-2022-24823 – Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's…
Published: May 06, 2022 | Updated: Dec 03, 2022
CVSS Severity
V2.0: 1.9 LOW

Health Check

Don’t just go with your gut. Use real data to make informed technology decisions.

Improving your organization’s technology and safety starts with understanding your current performance. Use our Health Check to assess the overall health and safety of your organization, and get a clear roadmap for improvement.