Zum Inhalt springen
Auto-CTI

Wochen-Dossier · 2026-W15

Joel Traber AG

06.04.2026 – 12.04.2026

Strategischer Überblick

CRITICAL

**Strategisches Lagebild der Woche – Joel Traber AG** Die Joel Traber AG sieht sich diese Woche einer erhöhten Bedrohungslage ausgesetzt, da mehrere aktiv ausgenutzte Schwachstellen zentrale Teile der eigenen IT-Infrastruktur betreffen – darunter die Firewall-Lösung von Palo Alto, Microsoft-Produkte sowie Ivanti-Systeme. Besonders kritisch sind zwei Sicherheitslücken in den eingesetzten Palo Alto-Firewalls, die es Angreifern ermöglichen könnten, Sicherheitskontrollen zu umgehen und Schadsoftware einzuschleusen, ohne dass eine Authentifizierung erforderlich ist. Angesich

Alerts
575
CVEs
0
KEV
0
Kritisch
0

Top-News

  • STRATEGIC CISA KEV
    CVE-2021-27059 — Microsoft Office Remote Code Execution Vulnerability

    Microsoft Office: Microsoft Office Remote Code Execution Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2021-11-17.

    → The company uses Microsoft 365 and Microsoft Office products, making this vulnerability directly relevant to its tech stack.

  • STRATEGIC CISA KEV
    CVE-2024-0012 — Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

    Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability. Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should n

    → The company uses Palo Alto PAN-OS firewalls, making this authentication bypass vulnerability directly relevant to their network security.

  • STRATEGIC CISA KEV
    CVE-2024-3400 — Palo Alto Networks PAN-OS Command Injection Vulnerability

    This vulnerability is being actively exploited in the wild, requiring immediate patching or mitigation beyond standard update cycles.

    → The company uses Palo Alto PAN-OS firewalls, making this critical vulnerability directly relevant to their network security.

  • STRATEGIC CISA KEV
    CVE-2021-36934 — Microsoft Windows SAM Local Privilege Escalation Vulnerability

    Microsoft Windows: Microsoft Windows SAM Local Privilege Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-02-24.

    → Directly affects Microsoft Windows Server 2022 and 2019 which are core components of the company's tech stack.

  • STRATEGIC CISA KEV
    CVE-2024-13161 — Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

    Ivanti Endpoint Manager (EPM): Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due: 2025-03-31.

    → The company uses Ivanti Connect Secure, indicating a reliance on Ivanti products, making this EPM vulnerability highly relevant.

  • STRATEGIC CISA KEV
    CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

    Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due: 2026

    → The company uses Ivanti Connect Secure, indicating a reliance on Ivanti products, making this related vulnerability highly relevant.

  • STRATEGIC CISA KEV
    CVE-2021-34486 — Microsoft Windows Event Tracing Privilege Escalation Vulnerability

    Microsoft Windows: Microsoft Windows Event Tracing Privilege Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-04-18.

    → The company uses Microsoft Windows Server 2022 and 2019, making this privilege escalation vulnerability directly relevant to its core infrastructure.

  • STRATEGIC CISA KEV
    CVE-2019-1214 — Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability

    Microsoft Windows: Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-05-03.

    → The company's tech stack includes multiple Microsoft Windows Server versions, making this CLFS privilege escalation vulnerability directly relevant.

  • STRATEGIC CISA KEV
    CVE-2020-0638 — Microsoft Update Notification Manager Privilege Escalation Vulnerability

    Microsoft Update Notification Manager: Microsoft Update Notification Manager Privilege Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-06-13.

    → Directly affects Microsoft Windows Server environments, which are core to the company's tech stack.

  • STRATEGIC CISA KEV
    CVE-2019-1322 — Microsoft Windows Privilege Escalation Vulnerability

    Microsoft Windows: Microsoft Windows Privilege Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-04-05.

    → The company's tech stack includes multiple Microsoft Windows Server versions, making this privilege escalation vulnerability directly relevant.

  • STRATEGIC CISA KEV
    CVE-2016-2386 — SAP NetWeaver SQL Injection Vulnerability

    SAP NetWeaver: SAP NetWeaver SQL Injection Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-06-30.

    → The company uses SAP S/4HANA, which is built on the SAP NetWeaver platform directly affected by this vulnerability.

  • STRATEGIC CISA KEV
    CVE-2020-1464 — Microsoft Windows Spoofing Vulnerability

    Microsoft Windows: Microsoft Windows Spoofing Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-05-03.

    → The company's tech stack heavily relies on Microsoft Windows Server, making this spoofing vulnerability directly relevant.

  • STRATEGIC CISA KEV
    CVE-2016-9563 — SAP NetWeaver XML External Entity (XXE) Vulnerability

    SAP NetWeaver: SAP NetWeaver XML External Entity (XXE) Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-05-03.

    → The company uses SAP S/4HANA, which is built on the SAP NetWeaver platform directly affected by this vulnerability.

  • STRATEGIC CISA KEV
    CVE-2022-21882 — Microsoft Win32k Privilege Escalation Vulnerability

    Microsoft Win32k: Microsoft Win32k Privilege Escalation Vulnerability. Required Action: Apply updates per vendor instructions.. Due: 2022-02-18.

    → The vulnerability affects Microsoft Windows systems, which are a core part of the company's tech stack.

  • STRATEGIC CISA KEV
    CVE-2023-22518 — Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

    Atlassian Confluence Data Center and Server: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability. Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due: 2023-11-28.

    → The company uses Atlassian Confluence, making this vulnerability directly relevant to its tech stack.

Research Deep Dives

Alle ansehen →

Top-Vendors

  • Microsoft 286
  • Fortinet 46
  • Ivanti 41
  • Cisco 27
  • VMware 26
  • Palo Alto Networks 17

Top-CVEs

  • CVE-2024-3400 CVE-2024-3400 — Palo Alto Networks PAN-OS Command Injection 10.0
  • CVE-2026-22769 vSphere and BRICKSTORM Malware: A Defender's Guide 10.0
  • CVE-2019-11510 CVE-2019-11510 — Ivanti Pulse Connect Secure Arbitrary File 10.0
  • CVE-2025-20393 CVE-2025-20393 — Cisco Multiple Products Improper Input Vali 10.0
  • CVE-2010-5326 CVE-2010-5326 — SAP NetWeaver Remote Code Execution Vulnerab 10.0
  • CVE-2021-22205 CVE-2021-22205 — GitLab Community and Enterprise Editions Re 10.0
ESC