| Vulnerability ID | Severity | Description |
|---|---|---|
| V-205849 | High | Windows Server 2019 must be maintained at a supported servicing level |
| V-253263 | High | Windows 11 systems must be maintained at a supported servicing level |
| V-220706 | High | Windows 10 systems must be maintained at a supported servicing level |
| V-205908 | High | Windows Server 2019 must prevent local accounts with blank passwords from being used from the net... |
| V-254446 | High | Windows Server 2022 must prevent local accounts with blank passwords from being used from the net... |
| V-254250 | High | Windows Server 2022 local volumes must use a format that supports NTFS attributes |
| V-205663 | High | Windows Server 2019 local volumes must use a format that supports NTFS attributes |
| V-253265 | High | Local volumes must be formatted using NTFS |
| V-220708 | High | Local volumes must be formatted using NTFS |
| V-260469 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence |
| V-260650 | High | Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified informatio... |
| V-254293 | High | Windows Server 2022 reversible password encryption must be disabled |
| V-205653 | High | Windows Server 2019 reversible password encryption must be disabled |
| V-253305 | High | Reversible password encryption must be disabled |
| V-220747 | High | Reversible password encryption must be disabled |
| V-254352 | High | Windows Server 2022 Autoplay must be turned off for nonvolume devices |
| V-205804 | High | Windows Server 2019 Autoplay must be turned off for non-volume devices |
| V-253386 | High | Autoplay must be turned off for non-volume devices |
| V-220827 | High | Autoplay must be turned off for non-volume devices |
| V-254354 | High | Windows Server 2022 AutoPlay must be disabled for all drives |
| V-205806 | High | Windows Server 2019 AutoPlay must be disabled for all drives |
| V-253388 | High | Autoplay must be disabled for all drives |
| V-220829 | High | Autoplay must be disabled for all drives |
| V-254353 | High | Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands |
| V-205805 | High | Windows Server 2019 default AutoRun behavior must be configured to prevent AutoRun commands |
| V-253387 | High | The default autorun behavior must be configured to prevent autorun commands |
| V-254500 | High | Windows Server 2022 debug programs user right must only be assigned to the Administrators group |
| V-205757 | High | Windows Server 2019 Debug programs: user right must only be assigned to the Administrators group |
| V-253490 | High | The "Debug programs" user right must only be assigned to the Administrators group |
| V-220967 | High | The Debug programs user right must only be assigned to the Administrators group |
| V-254391 | High | Windows Server 2022 permissions on the Active Directory data files must only allow System and Adm... |
| V-254392 | High | Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permiss... |
| V-205740 | High | Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permiss... |
| V-254441 | High | Windows Server 2022 must be running Credential Guard on domain-joined member servers |
| V-205907 | High | Windows Server 2019 must be running Credential Guard on domain-joined member servers |
| V-253370 | High | Credential Guard must be running on Windows 11 domain-joined systems |
| V-220812 | High | Credential Guard must be running on Windows 10 domain-joined systems |
| V-253284 | High | Structured Exception Handling Overwrite Protection (SEHOP) must be enabled |
| V-220727 | High | Structured Exception Handling Overwrite Protection (SEHOP) must be enabled |
| V-205850 | High | Windows Server 2019 must use an anti-virus program |
| V-253264 | High | The Windows 11 system must use an antivirus program |
| V-220707 | High | The Windows 10 system must use an anti-virus program |
| V-253275 | High | Internet Information System (IIS) or its subcomponents must not be installed on a workstation |
| V-220718 | High | Internet Information System (IIS) or its subcomponents must not be installed on a workstation |
| V-253382 | High | Solicited Remote Assistance must not be allowed |
| V-220823 | High | Solicited Remote Assistance must not be allowed |
| V-254466 | High | Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-205914 | High | Windows Server 2019 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-253453 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-220929 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-254467 | High | Windows Server 2022 must not allow anonymous enumeration of shares |
| V-205724 | High | Windows Server 2019 must not allow anonymous enumeration of shares |
| V-253454 | High | Anonymous enumeration of shares must be restricted |
| V-220930 | High | Anonymous enumeration of shares must be restricted |
| V-254475 | High | Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-205919 | High | Windows Server 2019 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-253462 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-220938 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-220937 | High | The system must be configured to prevent the storage of the LAN Manager hash of passwords |
| V-254469 | High | Windows Server 2022 must restrict anonymous access to Named Pipes and Shares |
| V-205725 | High | Windows Server 2019 must restrict anonymous access to Named Pipes and Shares |
| V-253456 | High | Anonymous access to Named Pipes and Shares must be restricted |
| V-220932 | High | Anonymous access to Named Pipes and Shares must be restricted |
| V-254474 | High | Windows Server 2022 must be configured to prevent the storage of the LAN Manager hash of passwords |
| V-205654 | High | Windows Server 2019 must be configured to prevent the storage of the LAN Manager hash of passwords |
| V-253461 | High | The system must be configured to prevent the storage of the LAN Manager hash of passwords |
| V-260470 | High | Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and main... |
| V-260482 | High | Ubuntu 22.04 LTS must not have the "rsh-server" package installed |
| V-260483 | High | Ubuntu 22.04 LTS must not have the "telnet" package installed |
| V-260523 | High | Ubuntu 22.04 LTS must have SSH installed |
| V-260524 | High | Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted informa... |
| V-260539 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface ... |
| V-260559 | High | Ubuntu 22.04 LTS must ensure only users who need access to security functions are part of sudo group |
| V-260570 | High | Ubuntu 22.04 LTS must not allow accounts configured with blank or null passwords |
| V-260571 | High | Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords |
| V-260579 | High | Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based a... |
| V-260650 | High | Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified informatio... |
| V-224819 | High | Users with Administrative privileges must have separate accounts for administrative duties and no... |
| V-224821 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-224828 | High | Systems must be maintained at a supported servicing level |
| V-224829 | High | The Windows Server 2016 system must use an anti-virus program |
| V-224831 | High | Local volumes must use a format that supports NTFS attributes |
| V-224843 | High | Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauth... |
| V-254378 | High | Windows Server 2022 Windows Remote Management (WinRM) client must not use Basic authentication |
| V-205711 | High | Windows Server 2019 Windows Remote Management (WinRM) client must not use Basic authentication |
| V-253416 | High | The Windows Remote Management (WinRM) client must not use Basic authentication |
| V-220862 | High | The Windows Remote Management (WinRM) client must not use Basic authentication |
| V-254381 | High | Windows Server 2022 Windows Remote Management (WinRM) service must not use Basic authentication |
| V-205713 | High | Windows Server 2019 Windows Remote Management (WinRM) service must not use Basic authentication |
| V-253418 | High | The Windows Remote Management (WinRM) service must not use Basic authentication |
| V-220865 | High | The Windows Remote Management (WinRM) service must not use Basic authentication |
| V-224874 | High | Windows Server 2016 reversible password encryption must be disabled |
| V-254374 | High | Windows Server 2022 must disable the Windows Installer Always install with elevated privileges op... |
| V-205802 | High | Windows Server 2019 must disable the Windows Installer Always install with elevated privileges op... |
| V-253411 | High | The Windows Installer feature "Always install with elevated privileges" must be disabled |
| V-220857 | High | The Windows Installer Always install with elevated privileges must be disabled |
| V-224932 | High | AutoPlay must be turned off for non-volume devices |
| V-224933 | High | The default AutoRun behavior must be configured to prevent AutoRun commands |
| V-224934 | High | AutoPlay must be disabled for all drives |
| V-224954 | High | The Windows Installer Always install with elevated privileges option must be disabled |
| V-224958 | High | The Windows Remote Management (WinRM) client must not use Basic authentication |
| V-224961 | High | The Windows Remote Management (WinRM) service must not use Basic authentication |
| V-224964 | High | Only administrators responsible for the domain controller must have Administrator rights on the s... |
| V-224970 | High | Permissions on the Active Directory data files must only allow System and Administrators access |
| V-224971 | High | The Active Directory SYSVOL directory must have the proper access control permissions |
| V-224972 | High | Active Directory Group Policy objects must have proper access control permissions |
| V-224973 | High | The Active Directory Domain Controllers Organizational Unit (OU) object must have the proper acce... |
| V-224974 | High | Domain-created Active Directory Organizational Unit (OU) objects must have proper access control ... |
| V-224978 | High | Directory data (outside the root DSE) of a non-public directory must be configured to prevent ano... |
| V-224992 | High | Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certific... |
| V-224993 | High | PKI certificates associated with user accounts must be issued by the DoD PKI or an approved Exter... |
| V-253283 | High | Data Execution Prevention (DEP) must be configured to at least OptOut |
| V-220726 | High | Data Execution Prevention (DEP) must be configured to at least OptOut |
| V-271430 | High | Windows Server 2016 must be configured for name-based strong mappings for certificates |
| V-225007 | High | Only administrators responsible for the member server or standalone or nondomain-joined system mu... |
| V-225012 | High | Windows Server 2016 must be running Credential Guard on domain-joined member servers |
| V-225025 | High | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-225044 | High | Anonymous SID/Name translation must not be allowed |
| V-225045 | High | Anonymous enumeration of Security Account Manager (SAM) accounts must not be allowed |
| V-225046 | High | Anonymous enumeration of shares must not be allowed |
| V-225048 | High | Anonymous access to Named Pipes and Shares must be restricted |
| V-205844 | High | Windows Server 2019 users with Administrative privileges must have separate accounts for administ... |
| V-254240 | High | Windows Server 2022 administrative accounts must not be used with applications that access the in... |
| V-205845 | High | Windows Server 2019 administrative accounts must not be used with applications that access the In... |
| V-253294 | High | Administrative accounts must not be used with applications that access the internet, such as web ... |
| V-220737 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-205215 | High | The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized discl... |
| V-205214 | High | The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized modif... |
| V-205216 | High | The DNS server implementation must protect the integrity of transmitted information. |
| V-218795 | High | All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a p... |
| V-218802 | High | IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system f... |
| V-218821 | High | An IIS 10.0 web server must maintain the confidentiality of controlled information during transmi... |
| V-218823 | High | All accounts installed with the IIS 10.0 web server software and tools must have passwords assign... |
| V-268438 | High | The macOS system must limit SSHD to FIPS-compliant connections |
| V-268439 | High | The macOS system must limit SSH to FIPS-compliant connections |
| V-268477 | High | The macOS system must disable password authentication for SSH |
| V-268499 | High | The macOS system must disable Trivial File Transfer Protocol (TFTP) service |
| V-268508 | High | The macOS system must apply gatekeeper settings to block applications from unidentified developers |
| V-268509 | High | The macOS system must disable Bluetooth when no approved device is connected |
| V-268511 | High | The macOS system must enable gatekeeper |
| V-268512 | High | The macOS system must disable unattended or automatic login to the system |
| V-268514 | High | The macOS system must require an administrator password to modify systemwide preferences |
| V-268555 | High | The macOS system must ensure System Integrity Protection is enabled |
| V-268556 | High | The macOS system must enforce FileVault |
| V-254465 | High | Windows Server 2022 must not allow anonymous SID/Name translation |
| V-205913 | High | Windows Server 2019 must not allow anonymous SID/Name translation |
| V-253452 | High | Anonymous SID/Name translation must not be allowed |
| V-220928 | High | Anonymous SID/Name translation must not be allowed |
| V-254492 | High | Windows Server 2022 Act as part of the operating system user right must not be assigned to any gr... |
| V-205750 | High | Windows Server 2019 Act as part of the operating system user right must not be assigned to any gr... |
| V-253481 | High | The "Act as part of the operating system" user right must not be assigned to any groups or accounts |
| V-220958 | High | The Act as part of the operating system user right must not be assigned to any groups or accounts |
| V-225071 | High | The Act as part of the operating system user right must not be assigned to any groups or accounts |
| V-254496 | High | Windows Server 2022 create a token object user right must not be assigned to any groups or accounts |
| V-205753 | High | Windows Server 2019 Create a token object user right must not be assigned to any groups or accounts |
| V-253486 | High | The "Create a token object" user right must not be assigned to any groups or accounts |
| V-220963 | High | The Create a token object user right must not be assigned to any groups or accounts |
| V-225091 | High | The Create a token object user right must not be assigned to any groups or accounts |
| V-225053 | High | Windows Server 2016 must be configured to prevent the storage of the LAN Manager hash of passwords |
| V-225054 | High | The LAN Manager authentication level must be set to send NTLMv2 response only and to refuse LM an... |
| V-225079 | High | The Debug programs user right must only be assigned to the Administrators group |
| V-277987 | High | Windows Server 2025 administrative accounts must not be used with applications that access the in... |
| V-277997 | High | Windows Server 2025 local volumes must use a format that supports New Technology File System (NTF... |
| V-278040 | High | Windows Server 2025 reversible password encryption must be disabled |
| V-278099 | High | Windows Server 2025 AutoPlay must be turned off for nonvolume devices |
| V-278100 | High | Windows Server 2025 default AutoRun behavior must be configured to prevent AutoRun commands |
| V-278101 | High | Windows Server 2025 AutoPlay must be disabled for all drives |
| V-278121 | High | Windows Server 2025 must disable the Windows Installer Always install with elevated privileges op... |
| V-278125 | High | Windows Server 2025 Windows Remote Management (WinRM) client must not use Basic authentication |
| V-278128 | High | Windows Server 2025 Windows Remote Management (WinRM) service must not use Basic authentication |
| V-278132 | High | Windows Server 2025 must only allow administrators responsible for the domain controller to have ... |
| V-278138 | High | Windows Server 2025 permissions on the Active Directory data files must only allow system adminis... |
| V-278139 | High | Windows Server 2025 Active Directory SYSVOL directory must have the proper access control permiss... |
| V-278140 | High | Windows Server 2025 Active Directory (AD) Group Policy Objects (GPOs) must have proper access con... |
| V-278141 | High | Windows Server 2025 Active Directory Domain Controllers Organizational Unit (OU) object must have... |
| V-278142 | High | Windows Server 2025 organization created Active Directory Organizational Unit (OU) objects must h... |
| V-278146 | High | Windows Server 2025 directory data (outside the root DSE) of a nonpublic directory must be config... |
| V-278160 | High | Windows Server 2025 domain Controller PKI certificates must be issued by the DOD PKI or an approv... |
| V-278161 | High | Windows Server 2025 PKI certificates associated with user accounts must be issued by a DOD PKI or... |
| V-278177 | High | Windows Server 2025 must only allow administrators responsible for the member server or stand-alo... |
| V-278190 | High | Windows Server 2025 must be running Credential Guard on domain-joined member servers |
| V-278196 | High | Windows Server 2025 must prevent local accounts with blank passwords from being used from the net... |
| V-278215 | High | Windows Server 2025 must not allow anonymous SID/Name translation |
| V-278216 | High | Windows Server 2025 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-278217 | High | Windows Server 2025 must not allow anonymous enumeration of shares |
| V-278219 | High | Windows Server 2025 must restrict anonymous access to Named Pipes and Shares |
| V-278225 | High | Windows Server 2025 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-278242 | High | The Windows Server 2025 "Act as part of the operating system" user right must not be assigned to ... |
| V-278246 | High | The Windows Server 2025 "Create a token object" user right must not be assigned to any groups or ... |
| V-278250 | High | The Windows Server 2025 "Debug programs" user right must only be assigned to the Administrators g... |
| V-243466 | High | Membership to the Enterprise Admins group must be restricted to accounts used only to manage the ... |
| V-243467 | High | Membership to the Domain Admins group must be restricted to accounts used only to manage the Acti... |
| V-243470 | High | Delegation of privileged accounts must be prohibited |
| V-243482 | High | Interconnections between DoD directory services of different classification levels must use a cro... |
| V-243483 | High | A controlled interface must have interconnections among DoD information systems operating between... |
| V-277046 | High | The macOS system must limit SSHD to FIPS-compliant connections |
| V-277047 | High | The macOS system must limit SSH to FIPS-compliant connections |
| V-277084 | High | The macOS system must disable password authentication for SSH |
| V-277108 | High | The macOS system must disable Trivial File Transfer Protocol (TFTP) service |
| V-277117 | High | The macOS system must apply gatekeeper settings to block applications from unidentified developers |
| V-277118 | High | The macOS system must disable Bluetooth when no approved device is connected |
| V-277120 | High | The macOS system must enable gatekeeper |
| V-277121 | High | The macOS system must disable unattended or automatic login to the system |
| V-277123 | High | The macOS system must require an administrator password to modify systemwide preferences |
| V-277165 | High | The macOS system must ensure System Integrity Protection (SIP) is enabled |
| V-277166 | High | The macOS system must enforce FileVault |
| V-277185 | High | The macOS system must install security-relevant software updates within 30 days unless the time p... |
| V-282964 | High | The macOS system must be a version supported by the vendor |