| Vulnerability ID | Severity | Description |
|---|---|---|
| V-254247 | Medium | Windows Server 2022 must be maintained at a supported servicing level |
| V-253263 | High | Windows 11 systems must be maintained at a supported servicing level |
| V-220911 | Medium | The built-in administrator account must be renamed |
| V-254448 | Medium | Windows Server 2022 built-in guest account must be renamed |
| V-205910 | Medium | Windows Server 2019 built-in guest account must be renamed |
| V-220912 | Medium | The built-in guest account must be renamed |
| V-253436 | Medium | The built-in guest account must be renamed |
| V-205908 | High | Windows Server 2019 must prevent local accounts with blank passwords from being used from the net... |
| V-254446 | High | Windows Server 2022 must prevent local accounts with blank passwords from being used from the net... |
| V-220910 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-253434 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-254342 | Medium | Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable c... |
| V-205863 | Medium | Windows Server 2019 must be configured to enable Remote host allows delegation of non-exportable ... |
| V-253368 | Medium | Windows 11 must be configured to enable Remote host allows delegation of non-exportable credentials |
| V-220810 | Medium | Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials |
| V-254376 | Medium | Windows Server 2022 must disable automatically signing in the last interactive user after a syste... |
| V-205925 | Medium | Windows Server 2019 must disable automatically signing in the last interactive user after a syste... |
| V-253413 | Medium | Automatically signing in the last interactive user after a system-initiated restart must be disabled |
| V-220859 | Medium | Automatically signing in the last interactive user after a system-initiated restart must be disabled |
| V-260469 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence |
| V-253441 | Low | The computer account password must not be prevented from being reset |
| V-220917 | Low | The computer account password must not be prevented from being reset |
| V-254349 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on b... |
| V-205867 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (on b... |
| V-254350 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plug... |
| V-205868 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (plug... |
| V-254417 | Medium | Windows Server 2022 domain controllers must be configured to allow reset of machine account passw... |
| V-205876 | Medium | Windows Server 2019 domain controllers must be configured to allow reset of machine account passw... |
| V-254427 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-205877 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-254441 | High | Windows Server 2022 must be running Credential Guard on domain-joined member servers |
| V-205907 | High | Windows Server 2019 must be running Credential Guard on domain-joined member servers |
| V-253370 | High | Credential Guard must be running on Windows 11 domain-joined systems |
| V-220812 | High | Credential Guard must be running on Windows 10 domain-joined systems |
| V-253447 | Low | Caching of logon credentials must be limited |
| V-220923 | Low | Caching of logon credentials must be limited |
| V-254432 | Medium | Windows Server 2022 must limit the caching of logon credentials to four or less on domain-joined ... |
| V-205906 | Medium | Windows Server 2019 must limit the caching of logon credentials to four or less on domain-joined ... |
| V-254345 | Medium | Windows Server 2022 group policy objects must be reprocessed even if they have not changed |
| V-205866 | Medium | Windows Server 2019 group policy objects must be reprocessed even if they have not changed |
| V-253373 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-220814 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-254340 | Medium | Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
| V-205862 | Medium | Windows Server 2019 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
| V-253362 | Medium | Hardened UNC Paths must be defined to require mutual authentication and integrity for at least th... |
| V-250319 | Medium | Hardened UNC paths must be defined to require mutual authentication and integrity for at least th... |
| V-254454 | Medium | Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less |
| V-205911 | Medium | Windows Server 2019 maximum age for machine account passwords must be configured to 30 days or less |
| V-253442 | Low | The maximum age for machine account passwords must be configured to 30 days or less |
| V-220918 | Low | The maximum age for machine account passwords must be configured to 30 days or less |
| V-254476 | Medium | Windows Server 2022 must be configured to at least negotiate signing for LDAP client signing |
| V-205920 | Medium | Windows Server 2019 must be configured to at least negotiate signing for LDAP client signing |
| V-253463 | Medium | The system must be configured to the required LDAP client signing level |
| V-220939 | Medium | The system must be configured to the required LDAP client signing level |
| V-254364 | Medium | Windows Server 2022 File Explorer shell protocol must run in protected mode |
| V-205872 | Medium | Windows Server 2019 File Explorer shell protocol must run in protected mode |
| V-253398 | Medium | File Explorer shell protocol must run in protected mode |
| V-220839 | Medium | File Explorer shell protocol must run in protected mode |
| V-254248 | Medium | Windows Server 2022 must use an antivirus program |
| V-205850 | High | Windows Server 2019 must use an anti-virus program |
| V-253264 | High | The Windows 11 system must use an antivirus program |
| V-220707 | High | The Windows 10 system must use an anti-virus program |
| V-254344 | Medium | Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
| V-205865 | Medium | Windows Server 2019 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
| V-253372 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
| V-220813 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
| V-253281 | Medium | A host-based firewall must be installed and enabled on the system |
| V-220724 | Medium | A host-based firewall must be installed and enabled on the system |
| V-254370 | Medium | Windows Server 2022 must prevent attachments from being downloaded from RSS feeds |
| V-205873 | Medium | Windows Server 2019 must prevent attachments from being downloaded from RSS feeds |
| V-253407 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-220853 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-220844 | Medium | The Windows Defender SmartScreen filter for Microsoft Edge must be enabled |
| V-220841 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified f... |
| V-220840 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious we... |
| V-254466 | High | Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-205914 | High | Windows Server 2019 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-253453 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-220929 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-254339 | Medium | Windows Server 2022 insecure logons to an SMB server must be disabled |
| V-205861 | Medium | Windows Server 2019 insecure logons to an SMB server must be disabled |
| V-253360 | Medium | Insecure logons to an SMB server must be disabled |
| V-220802 | Medium | Insecure logons to an SMB server must be disabled |
| V-254475 | High | Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-205919 | High | Windows Server 2019 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-253462 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-220938 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-254468 | Medium | Windows Server 2022 must be configured to prevent anonymous users from having the same permission... |
| V-205915 | Medium | Windows Server 2019 must be configured to prevent anonymous users from having the same permission... |
| V-253455 | Medium | The system must be configured to prevent anonymous users from having the same rights as the Every... |
| V-254471 | Medium | Windows Server 2022 must prevent NTLM from falling back to a Null session |
| V-205917 | Medium | Windows Server 2019 must prevent NTLM from falling back to a Null session |
| V-253458 | Medium | NTLM must be prevented from falling back to a Null session |
| V-220934 | Medium | NTLM must be prevented from falling back to a Null session |
| V-254470 | Medium | Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authent... |
| V-205916 | Medium | Windows Server 2019 services using Local System that use Negotiate when reverting to NTLM authent... |
| V-254477 | Medium | Windows Server 2022 session security for NTLM SSP-based clients must be configured to require NTL... |
| V-205921 | Medium | Windows Server 2019 session security for NTLM SSP-based clients must be configured to require NTL... |
| V-254478 | Medium | Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTL... |
| V-205922 | Medium | Windows Server 2019 session security for NTLM SSP-based servers must be configured to require NTL... |
| V-254335 | Low | Windows Server 2022 Internet Protocol version 6 (IPv6) source routing must be configured to the h... |
| V-205858 | Low | Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the h... |
| V-253353 | Medium | IPv6 source routing must be configured to highest protection |
| V-220795 | Medium | IPv6 source routing must be configured to highest protection |
| V-254336 | Low | Windows Server 2022 source routing must be configured to the highest protection level to prevent ... |
| V-205859 | Low | Windows Server 2019 source routing must be configured to the highest protection level to prevent ... |
| V-205869 | Medium | Windows Server 2019 Telemetry must be configured to Security or Basic |
| V-220834 | Medium | Windows Telemetry must not be configured to Full |
| V-260469 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence |
| V-260478 | Medium | Ubuntu 22.04 LTS must have the "libpam-pwquality" package installed |
| V-260479 | Low | Ubuntu 22.04 LTS must have the "chrony" package installed |
| V-260480 | Low | Ubuntu 22.04 LTS must not have the "systemd-timesyncd" package installed |
| V-260481 | Low | Ubuntu 22.04 LTS must not have the "ntp" package installed |
| V-260516 | Medium | Ubuntu 22.04 LTS must have an application firewall enabled |
| V-260539 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface ... |
| V-260550 | Low | Ubuntu 22.04 LTS must enforce a delay of at least four seconds between logon prompts following a ... |
| V-260555 | Medium | Ubuntu 22.04 LTS default filesystem permissions must be defined in such a way that all authentica... |
| V-260564 | Medium | Ubuntu 22.04 LTS must prevent the use of dictionary words for passwords |
| V-260567 | Medium | Ubuntu 22.04 LTS must be configured so that when passwords are changed or new passwords are estab... |
| V-260570 | High | Ubuntu 22.04 LTS must not allow accounts configured with blank or null passwords |
| V-260571 | High | Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords |
| V-260640 | Medium | Ubuntu 22.04 LTS must generate audit records for all events that affect the systemd journal files |
| V-224819 | High | Users with Administrative privileges must have separate accounts for administrative duties and no... |
| V-224821 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-224822 | Medium | Members of the Backup Operators group must have separate accounts for backup duties and normal op... |
| V-224824 | Medium | Manually managed application account passwords must be changed at least annually or when a system... |
| V-224827 | Medium | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-224828 | High | Systems must be maintained at a supported servicing level |
| V-224829 | High | The Windows Server 2016 system must use an anti-virus program |
| V-224830 | Medium | Servers must have a host-based intrusion detection or prevention system |
| V-224842 | Medium | Software certificate installation files must be removed from Windows Server 2016 |
| V-224860 | Medium | FTP servers must be configured to prevent anonymous logons |
| V-224861 | Medium | FTP servers must be configured to prevent access to the system drive |
| V-224863 | Medium | Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2016 |
| V-224864 | Low | Secure Boot must be enabled on Windows Server 2016 systems |
| V-224865 | Low | Windows 2016 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be confi... |
| V-254343 | Medium | Windows Server 2022 virtualization-based security must be enabled with the platform security leve... |
| V-205864 | Medium | Windows Server 2019 virtualization-based security must be enabled with the platform security leve... |
| V-253369 | Medium | Virtualization-based Security must be enabled on Windows 11 with the platform security level conf... |
| V-220811 | Medium | Virtualization Based Security must be enabled on Windows 10 with the platform security level conf... |
| V-224916 | Low | Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection le... |
| V-224917 | Low | Source routing must be configured to the highest protection level to prevent Internet Protocol (I... |
| V-224918 | Low | Windows Server 2016 must be configured to prevent Internet Control Message Protocol (ICMP) redire... |
| V-224920 | Medium | Insecure logons to an SMB server must be disabled |
| V-224921 | Medium | Hardened UNC paths must be defined to require mutual authentication and integrity for at least th... |
| V-224923 | Medium | Windows Server 2016 virtualization-based security must be enabled with the platform security leve... |
| V-224924 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers ident... |
| V-224925 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-224929 | Medium | Users must be prompted to authenticate when the system wakes from sleep (on battery) |
| V-224930 | Medium | Users must be prompted to authenticate when the system wakes from sleep (plugged in) |
| V-224936 | Medium | Windows Telemetry must be configured to Security or Basic |
| V-224942 | Low | Turning off File Explorer heap termination on corruption must be disabled |
| V-224943 | Medium | File Explorer shell protocol must run in protected mode |
| V-224949 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-236000 | Medium | The Windows Explorer Preview pane must be disabled for Windows Server 2016 |
| V-224955 | Medium | Users must be notified if a web-based program attempts to install software |
| V-224956 | Medium | Automatically signing in the last interactive user after a system-initiated restart must be disabled |
| V-224978 | High | Directory data (outside the root DSE) of a non-public directory must be configured to prevent ano... |
| V-254375 | Medium | Windows Server 2022 users must be notified if a web-based program attempts to install software |
| V-205874 | Medium | Windows Server 2019 users must be notified if a web-based program attempts to install software |
| V-253412 | Medium | Users must be notified if a web-based program attempts to install software |
| V-220858 | Medium | Users must be notified if a web-based program attempts to install software |
| V-254284 | Medium | Windows Server 2022 must have Secure Boot enabled |
| V-205857 | Low | Windows Server 2019 must have Secure Boot enabled |
| V-220700 | Low | Secure Boot must be enabled on Windows 10 systems |
| V-254357 | Low | Windows Server 2022 Windows Update must not obtain updates from other PCs on the internet |
| V-205870 | Low | Windows Server 2019 Windows Update must not obtain updates from other PCs on the Internet |
| V-253394 | Low | Windows Update must not obtain updates from other PCs on the internet |
| V-220835 | Low | Windows Update must not obtain updates from other PCs on the internet |
| V-224996 | Medium | Domain controllers must be configured to allow reset of machine account passwords |
| V-225006 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-225011 | Medium | Caching of logon credentials must be limited |
| V-225012 | High | Windows Server 2016 must be running Credential Guard on domain-joined member servers |
| V-225025 | High | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-225026 | Medium | Windows Server 2016 built-in administrator account must be renamed |
| V-225027 | Medium | Windows Server 2016 built-in guest account must be renamed |
| V-225033 | Medium | The maximum age for machine account passwords must be configured to 30 days or less |
| V-225038 | Medium | The Smart Card removal option must be configured to Force Logoff or Lock Workstation |
| V-225044 | High | Anonymous SID/Name translation must not be allowed |
| V-225045 | High | Anonymous enumeration of Security Account Manager (SAM) accounts must not be allowed |
| V-225047 | Medium | Windows Server 2016 must be configured to prevent anonymous users from having the same permission... |
| V-254238 | Medium | Windows Server 2022 users with Administrative privileges must have separate accounts for administ... |
| V-205844 | High | Windows Server 2019 users with Administrative privileges must have separate accounts for administ... |
| V-205845 | High | Windows Server 2019 administrative accounts must not be used with applications that access the In... |
| V-253294 | High | Administrative accounts must not be used with applications that access the internet, such as web ... |
| V-220737 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-254241 | Medium | Windows Server 2022 members of the Backup Operators group must have separate accounts for backup ... |
| V-205846 | Medium | Windows Server 2019 members of the Backup Operators group must have separate accounts for backup ... |
| V-253270 | Medium | Only accounts responsible for the backup operations must be members of the Backup Operators group |
| V-220713 | Medium | Only accounts responsible for the backup operations must be members of the Backup Operators group |
| V-254243 | Medium | Windows Server 2022 manually managed application account passwords must be changed at least annua... |
| V-205847 | Medium | Windows Server 2019 manually managed application account passwords must be changed at least annua... |
| V-254246 | Medium | Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-205848 | Medium | Windows Server 2019 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-220698 | Medium | Windows 10 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use |