According to the latest study by Orange Security, 13 percent of the vulnerabilities found in today’s corporate networks were already known in 2012, and almost half of all gaps are more than five years old – and the trend is increasing. Professional vulnerability management such as the Greenbone product family can provide a remedy.

The Orange Security Navigator takes a look at the current threat situation on many pages every year. In the latest edition, the security software manufacturer comes to astonishing insights regarding the age of vulnerabilities in companies. The oldest risks have existed for 20 years or more, writes Orange, and patching is also taking longer and longer.

Even recently, problems that were actually fixed long ago filled the headlines: A security hole in VMWare’s ESXi server, which had been closed for years, was actively exploited by attackers. According to the German Federal Office for Information Security (BSI), thousands of servers were infected with ransomware and encrypted – details here in the Greenbone blog.

Orange Security can also sing from the same song: “Our pentesters find vulnerabilities that were first identified in 2010 (…) [and] problems whose causes go back to 1999. (…) This is a very worrying result.” In the case of the ESXi incident, the vulnerability had already been closed by the manufacturer in February 2021, but not all users had applied the necessary updates – which is exactly where Greenbone’s products help by actively scanning your systems for known, open vulnerabilities.

This is becoming increasingly important because, even according to Orange, more and more critical gaps are sometimes open for six months or longer, In recent years, the average time to a fix has increased by 241 percent. While patching of serious vulnerabilities is on average one-third faster than for less critical threats, the maximum time required to apply a patch is a concern: “Whether critical or not, some patches take years to apply.

Only one-fifth of all vulnerabilities found are fixed in less than 30 days, the study explains, while 80% remain open for more than a month. On average, it takes a full 215 days for gaps to be closed. Of the vulnerabilities waiting 1000 days for a patch, 16% were classified as severe, with three-quarters of medium threat, it said. In the case of the ESXi vulnerability, there has been an alert for two years, a high-risk classification and also a patch to fix it. Despite this, a large number of organizations have been successfully attacked by exploiting the vulnerability.

The problem is well known: Calls for vulnerability and patch management from data protection regulators, for example, are a regular occurrence. “I look at the topic of information security with concern. On the one hand, many organizations still haven’t done their homework to eliminate known vulnerabilities in IT systems – the data breach reports show us how such vulnerabilities are exploited again and again, and often data can be leaked.” Marit Hansen, Schleswig-Holstein State Commissioner for Data Protection, February 2022.

When it comes to cybersecurity, companies face major challenges, she said: More than 22 vulnerabilities with CVE are published every day, with an average CVSS score of 7 or more, she said. Without professional vulnerability management, this can no longer be handled, Orange also explains.

This makes the early detection and recording of vulnerabilities in the company all the more important. Greenbone products can take a lot of the work out of this and provide security – as a hardware or virtual appliance or as a cloud service. The Greenbone Enterprise Feed, from which all Greenbone security products are fed, receives daily updates and thus covers a high percentage of risks. Our security experts have been researching the topic for over 10 years, so we can detect risks even in grown structures.

Vulnerability management is an indispensable part of IT security. It can find risks and provides valuable information on how to eliminate them. However, there is no such thing as one hundred percent security, and there is no single measure that is sufficient to achieve the maximum level of security – vulnerability management is an important building block. Only the totality of the systems deployed, together with comprehensive data protection and cyber security concepts, is the best possible security.


Osnabrück, March 8, 2023 – Our transformation from Greenbone Networks GmbH into the Greenbone AG was completed today by entry into the commercial register (HR B 218768) and is thus effective.

We have taken the next big step and become an AG. Why did we take this step? Our former managing director and also new CEO, Dr. Jan-Oliver Wagner, explains it like this:

“The conversion to a stock corporation is a pioneering step into the future for us. It is the result of the strong and self-financed growth of the past years into an established and industry-leading medium-sized company. With this step, we are simplifying the further development and expansion of our business relationships at home and abroad.”

Our board consists of two people, the second is Elmar Geese, who is already responsible for Greenbone’s marketing today:

“With our products for intelligent vulnerability management, we have the potential to evolve from a market leader in the open source sector to an even much stronger player. With our new positioning, and also with new products, we want to take this next big step.”

Dr. Jan-Oliver Wagner, CEO und Mitbegründer von Greenbone

Dr. Jan-Oliver Wagner, CEO

Elmar Geese, CIO und CMO

Elmar Geese, CMO/CIO


About Greenbone AG

Greenbone products identify security gaps, assess their risk potential and recommend measures for remediation. In this way, vulnerabilities are uncovered before they can cause damage.
Further information about Greenbone, its products, the topic of cyber security, and current vulnerabilities can be found here.

Media Contact
Britta Zurborn
britta.zurborn@greenbone.net


Contact Free Trial Buy Here Back to Overview

A new wave of ransomware attacks has been threatening numerous servers in Europe. The attacks focus on the hypervisors in VMware’s virtualization server ESXi.
Patches are available, Greenbone’s products can protect and help to find the vulnerability.

The German BSI explicitly warns of the vulnerability and in its latest information on the security situation speaks of thousands of servers and a worldwide threat with a focus on Europe, the U.S. and Canada, using a vulnerability that the manufacturer already patched almost two years ago: (CVE-2021-21974).

Not only VMWare servers themselves at risk

According to IT security portal Hackernews, French provider OVHcloud has confirmed the open source implementation of the IETF Service Location Protocol (OpenSLP) as an entry point.

The threat to IT systems in this case is classified as business-critical – a successful attack with ransomware can therefore cause massive disruptions to regular operations. What is particularly serious about attacks of this type is that under certain circumstances not only institutions that use VMware ESXi themselves are affected, but also third parties – for example, via the server systems hosted in VMware virtualization.

France, Italy, Finland, Canada and the U.S.

Suspicions that European organizations and institutions were the main focus of attackers in the latest wave of attacks were also confirmed a few days later, when the Italian National Cybersecurity Agency ACN warned of the vulnerabilities and a “large-scale wave of attacks.” A Reuters report also speaks of attacks in Finland and the United States.

Users can protect themselves, however: The manufacturer VMware advises upgrading to the latest version of its software – and installing the patch. In general, systems like Greenbone Vulnerability Management help prevent such intrusions by finding the unpatched gaps and proactively warning administrators in reports.

Checking with the Greenbone Cloud

Installation of the VMware patch is free, as is an audit of their systems with the Greenbone Cloud Service Trial. In general, administrators should always ensure that all backups are secured against ransomware and examine log files for suspicious system access – the BSI lists six questions on the checklist in its warning that every administrator should ask themselves now.


Contact Free Trial Buy Here Back to Overview

For almost two years, Greenbone has been adding more and more tests from the recommendations of the Center for Internet Security (CIS) in its security feed. Among the newest ones are benchmarks for the container management solution Docker.

Docker is one of the most common container technologies in enterprise environments. Its increasing popularity within DevOps circles, ease-of-use and flexibility made it popular among developers and DevOPS. Therefore, the CIS is providing benchmark tests for configuration compliance in Docker environments which are „intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Docker“ – and Greenbone is happy to integrate these tests in its vulnerability management products.

Testing Docker environments for Vulnerabilities

The CIS benchmarks (more than 140 as of 2023) contain guidance on best practices for configuring IT systems, networks, and software. They are created together with developers, subject matter experts and companies in enterprise Docker environments and have become the reference for compliance testing regarding cybersecurity. The CIS benchmarks come in seven groups, (Operating System, Server Software, Cloud Provider Benchmarks, Mobile Device, Network Device, Desktop Software, Multi-Function Print Device), of which the Docker tests reside in the Server section. Greenbone has been supporting Docker for a while, continuously updating the tests.

Greenbone has been supporting CIS benchmarks for years

Since 2021, Greenbone has been integrating and continuously expanding CIS benchmarks in its products – now integrating the docker compliance benchmarks for Docker systems newer than Docker 1.4. All tests are combined by Greenbone into scan configurations and added to the Greenbone Enterprise Feed. The Greenbone product will run the set of tests on a target system, checking configuration and other settings, for example file permissions. Having done so, it returns a report with mitigation strategies to the administrator who can then adapt his systems to the recommendations for security compliance.

Certified by CIS

As a member CIS consortium Greenbone is continuously expanding its CIS Benchmark scan configurations – right now, for example, Greenbone is working on Kubernetes integration. Like all compliance policies developed by Greenbone on the basis of CIS Benchmarks, the latest ones are certified by CIS – this means maximum security when it comes to auditing a system according to CIS hardening recommendations. This not only simplifies the preparation of audits, important criteria can be checked in advance with a scan by a Greenbone product and, if necessary, any weaknesses found can be remedied before problems arise.


Contact Free Trial Buy Here Back to Overview

In the 10th edition of its ENISA Threat Landscape (ETL), the EU’s cybersecurity agency explicitly warns of increasing threats from hacking attacks on public sector entities.

Around a quarter of all security related incidents target administrative or government entities, the ENISA study reports – making the public sector nearly twice as much at risk as hosters and providers, who come in second at 13 %. More than ever, users should protect their networks – for example, with products from Greenbone.

The number one threat still are extortionate ransomware attacks, followed by malware and social engineering, e.g. where attackers try to obtain passwords from employees via telephone.

Geopolitics doesn’t stop at the public data center

However, things have changed in the last two years – not only the war in Ukraine ensured that “geopolitical aspects have a significantly greater influence” on threat scenarios, the ENISA authors write. Attacks are becoming more destructive, motivated by the armed conflict and are being flanked by targeted disinformation campaigns – which are increasingly directed against public institutions.

Businesses and government agencies, however, are worried by the fact that attackers have gained in skill level, aggressiveness and agility since 2021. The better organizations have adapted their cybersecurity programs and thus their defenses to the threat environment, the more they have forced attackers to adopt newer attack vectors, to the point of developing new, unknown zeroday exploits and more. At the same time, hacker groups are constantly becoming more agile, renaming themselves and continuously regrouping, further complicating attribution (matching an attack to individuals).

Progressive professionalization of attackers

As if that weren’t enough, the hacker-as-a-service model continues to gain traction; people are becoming more professionalized. Attacks are also increasingly targeting the supply chain, managed service providers and are becoming more and more, as they have been doing every year, especially in the upcoming reporting period – the phase at the end of a fiscal year when reports relevant to the stock exchange may have to be prepared.

What is new, however, according to ENISA, is the increase in hybrid threats, which are also fueled by state actors and software. The study specifically cites the spyware “Pegasus” developed by the Israeli government, as well as phishing and attacks on data infrastructures.

Machine learning and artificial intelligence

The professionalization of attacks has had a particularly fatal effect, because they have become much more sophisticated through the use of machine learning and artificial intelligence. For example, there are already bots that act as deep fakes, disrupt chains of command, and are also capable of disabling government institutions with masses of fake comments.

ENISA groups the typical attackers into four categories: State-sponsored, organized crime (cybercrime), commercial hackers (“hackers for hire”), and activists. The goal of all these attackers is usually unauthorized access to data and disruption of the availability of services (and in many cases the associated extortion of ransom money), they said.

Vulnerability Management protects

The only safe option that government agencies and companies have to counter these attacks is Vulnerability Management, which allows them to look at their own IT infrastructure from the outside, from the perspective of a potential attacker. This is the only way to identify and close security gaps before an attacker succeeds.

This is exactly where our Vulnerability Management products come in – as a hardware or virtual appliance or in the Greenbone Cloud Service. Greenbone develops an Open Source Vulnerability Management and allows users to detect vulnerabilities in their own network infrastructure within a few steps. Our products generate reports with concrete action instructions that you can implement immediately.

We work strictly according to German/European law and offer an Open Source solution. This means best data protection compliance and is thus guaranteed free of backdoors.

Greenbone: Many years of experience in the public sector

For many years, Greenbone has been offering customized products for the public sector, e.g. for requirements of higher security levels (classified, VS-NFD and higher).

Even networks that are physically separated from other networks can be scanned for vulnerabilities with Greenbone. Such areas separated by an “air gap” often occur in public authorities when network segments must be operated separately from the Internet and the rest of the public authority network due to a special need for protection. Greenbone’s products support strict airgap via special USB sticks, but also data diodes that allow traffic in one direction only.

No matter if you already have a frame contract with us or if you contact us for the first time, e.g. via the form on our website: We are happy to help you. Greenbone can look back on many years of experience with public authorities and is always ready to help you with words and deeds. Contact us!


Contact Free Trial Buy Here Back to Overview

The EuGH ruling known as “Schrems-II” on secure data exchange with the US has left a lot of legal uncertainty: Companies urgently need to adapt their contracts and a new solution is not in sight. It is time to switch to modern, data protection compliant and legally secure tools – such as the Greenbone Cloud Service for Vulnerability Management.

The “EU-US Privacy Shield” agreement, which attempted to regulate data protection in data transfers between the EU and the US (and other third countries), also failed to meet Europe’s requirements, its highest court ruled. In mid-July 2020, the European Court of Justice ECJ also declared the Privacy Shield invalid, following “Safe Harbor.”

Lack of legal certainty and renewed work

For many companies, this brought not only uncertainty, but also very concrete work: New standard contractual clauses (SCC) in accordance with the requirements of the EU Commission must be created. Time is pressing here: the EU’s “guardian of the treaties” will require new SCCs for old contracts as well from December 27, 2022.

Even more annoying, however, is that the future of transatlantic data processing also remains uncertain. According to experts, a decree by the U.S. president in October 2022 is likely to be just as short-lived as the predecessor regulations overturned by the ECJ. The legal areas are too different for a permanent, binding solution to be found. The only safe solution is to rely on legally secure products that comply with the GDPR from the outset.

Greenbone Cloud Service: GDPR-compliant Vulnerability Management already today

When it comes to vulnerability management, this is already possible today, quite simply with the Greenbone Cloud Service. It enables high-quality Vulnerability Management as a Service and allows users to detect vulnerabilities in their own network infrastructure (without installing virtual or hardware appliances) within a few steps and generates instructions for their remediation in the form of reports. Scan requests from the client network reach the scan clusters via cloud management, which do the core work and return the information for the reports more information here in the datasheet).

For both centrally managed networks and distributed environments that require high scalability, the Greenbone Cloud Service is perfect. The platform is ready to use within minutes without any local components. Users can start using the results immediately.

In addition, the Greenbone Cloud Service already ensures legal security and GDPR-compliant Vulnerability Management for all cloud customers today, because data processing takes place exclusively in German data centers, i.e. in the European legal area and within the scope of the GDPR. Data transfer of any kind to the USA or other third countries that cannot guarantee adequate data protection is thus excluded.

Try Greenbone Cloud Service for free

As a “trial”, the Greenbone Cloud Service is free of charge for 14 days. Users can try it out quickly, without special know-how directly in the web browser – during this time they can scan 2 external as well as 20 internal IP addresses. A direct upgrade to a valid subscription is possible at any time. The Greenbone Cloud Service Trial uses the daily updated Greenbone Enterprise Feed.

With its help, Greenbone automatically tests your IT network and all connected devices for more than 100,000 vulnerabilities and provides you with a daily updated, accurate status of the security situation in your company. Because the vulnerability check also provides you with information on the severity level at the same time, you can prioritize the identified vulnerabilities and the measures to be taken.

Vulnerability Management that looks at your IT infrastructure from the outside is indispensable in modern companies. With the perspective of a potential attacker, so to speak, you can ideally find every existing vulnerability in your IT infrastructure and take care of its elimination. Only those who know their vulnerabilities can implement security measures in a targeted manner.


Contact Free Trial Buy Here Back to Overview

ViPNet Client integrated into Greenbone Vulnerability Management

According to a report by ZDF Magazin Royale last Friday, there are growing fears that the VPN software “VIPNET”, from the company Protelion, a subsidiary of the Russian cybersecurity company O.A.O.Infotecs, could have security vulnerabilities.

It is feared that the software, which Protelion distributes, could allow the Russian secret service FSB (KGB) access to confidential information. Even though this claim is the subject of controversial debates between security experts and politicians, customers have approached us with the request to provide a test that can detect ViPNeT, especially on Windows computers.

Users of the Greenbone Enterprise Feed and the Greenbone Community Feed can verify the registration of InfoTeCS / Protelion ViPNet on Windows machines by an authenticated test.

Our customers can simply continue to use their Greenbone product, the test is already implemented in the feed. Those who do not yet have a Greenbone product yet, please use the link (check here) above.

Sustainable protection of your IT Networks

If you want to know which systems in your network are (still) vulnerable to vulnerabilities – including the ProxyNotShell vulnerability – our vulnerability management helps you. It is used in systems that must be patched or otherwise protected in any case. Depending on the type of systems and vulnerabilities, they can be found better or worse. The detection is also constantly improving and being updated. New gaps are found. Therefore, there may always be more systems with vulnerabilities in the network. Therefore, it is worthwhile to regularly update and scan all systems. The Greenbone vulnerability management offers corresponding automation functions for this.

Our vulnerability management offers the best protection

Vulnerability management is an indispensable part of IT security. It can find risks and provides valuable information on how to eliminate them. However, no single measure offers 100% security, not even vulnerability management. To make a system secure, many systems are used, which in their entirety should provide the best possible security.


We have developed a remote test for the Microsoft Exchange Server ProxyNotShell vulnerability GTSC2022.


Update from 2022-10-13: The vulnerability still exists after the October patchday on Tuesday. The blog post of Microsoft’s Security Response Center is continuously updated by the company, the last entry is from October 08.


The mentioned zero-day exploit in Microsoft Exchange Servers [GTSC2022] was published on September 28th by the cyber security company GTSC. After investigating a security incident, the security researchers discovered evidence of active exploitation of two vulnerabilities that can be used to compromise even fully patched systems.

The test (check here) extends our current vulnerability detection for Outlook Web Access (OWA) by checking whether Microsoft’s suggested remedies are in place. So far (beginning of October 2022), Microsoft only recommends workarounds. Microsoft Exchange users can use our test to ensure that the workaround instructions are implemented and active. Our customers can simply continue to use their Greenbone product, the test is already implemented in the feed. Those who do not yet have a Greenbone product yet, please use the link (check here) above.

Information on the technical background

Microsoft has published a post on its website [MSRC2022] describing that the vulnerabilities allow server-side request forgery (CVE-2022-41040) and remote code execution (CVE-2022-41082) if the attacker has access to PowerShell. However, this requires authenticated access to the vulnerable server (according to Microsoft, the Microsoft Exchange Servers 2013, 2016 and 2019).

The migration measures listed in the Microsoft blog (for example, disabling access to Powershell for unprivileged users) should be implemented as soon as possible by customers with on-premise solutions, as there is currently no known security update that fixes the vulnerability. According to Microsoft, users of Microsoft Exchange Online are not affected.

The severity of the vulnerability

In the Common Vulnerability Scoring System (CVSS), the vulnerabilities were rated as “high” and “medium” with a severity score of 8.8 and 6.3 out of 10, respectively. Since the vulnerabilities are already being actively exploited by attackers, there is also an increased risk of compromise for German institutions.

Sustainable protection of your IT Networks

If you want to know which systems in your network are (still) vulnerable to vulnerabilities – including the ProxyNotShell vulnerability – our vulnerability management helps you. It is used in systems that must be patched or otherwise protected in any case. Depending on the type of systems and vulnerabilities, they can be found better or worse. The detection is also constantly improving and being updated. New gaps are found. Therefore, there may always be more systems with vulnerabilities in the network. Therefore, it is worthwhile to regularly update and scan all systems. The Greenbone vulnerability management offers corresponding automation functions for this.

Our vulnerability management offers the best protection

Vulnerability management is an indispensable part of IT security. It can find risks and provides valuable information on how to eliminate them. However, no single measure offers 100% security, not even vulnerability management. To make a system secure, many systems are used, which in their entirety should provide the best possible security.


Contact Free Trial Buy Here Back to Overview

Greenbone is stepping up its commitment to open source and the community edition of its vulnerability management software. In addition to the open source code on Github, Greenbone now also provides pre-configured and tested Docker containers.

Official containers from the manufacturer itself

The Greenbone Community Containers are regularly built automatically and are also available for ARM and Raspberry Pi.

Björn Ricks, Senior Software Developer at Greenbone, sees this as a “big improvement for admins who just want to give Greenbone a try. Our official containers replace the many different Docker images that exist on the web with an official, always up-to-date, always-maintained version of Greenbone.”

Official Docker Container for Greenbone Community Edition

Hi Björn, what is your role at Greenbone?

Björn Ricks: One of my current tasks is to provide community container builds at Greenbone. Taking care of the community has always been a big concern of mine and for a long time I wanted to make sure that we also provide “official” Docker images of Greenbone. I’m very pleased that this has now worked out.

What is the benefit of the images for the community?

Björn Ricks: We make it much easier for administrators and users who want to test Greenbone. The installation now works completely independent of the operating system used: just download and run the Docker compose file that describes the services, open the browser and scan the local network. I think that’s a much lower barrier to entry, ideal even for anyone who doesn’t yet know the details and capabilities of our products.

Why does Greenbone now provide containers itself? There were already some on the net, weren’t there?

Björn Ricks: Yes, that’s right, but we found out that some people were unsure about the content, legitimacy and maintenance of these images. That’s why we decided to offer Docker images signed by us with verified and secured content.
All the container images existing on the network have different version status and even more so different quality grade. It is often impossible to tell from the outside whether an image is “any good” or not. Of course, you also have to trust the external authors and maintainers that they know what they are doing and that their images do not contain any additional security vulnerabilities. Only we, as producers of our own software, can guarantee that the published container images have the current version status and the desired quality grade.

Does Greenbone also plan to provide Docker images for its commercial product line, Greenbone Enterprise Appliances?

Björn Ricks: That depends on requests from our commercial customers. The Greenbone Community Edition includes access to the community feed with around 100,000 vulnerability tests. Our commercial feed contains even more tests, including those for many proprietary products that our customers use.

We have found that our customers are happy with our appliances, our virtual appliances, and our cloud solution – all of which qualify for use of the commercial feed subscription. However, this could change, and if it does, we will consider offering Docker containers to commercial customers.

How often are the images updated and what feed is included?

Björn Ricks: The images are built and published directly from the source code repositories. So they are always up to date and contain all patches. At the moment only the community feed is available for the images, but this might change in the future.

Where can I get the images and the documentation?

Björn Ricks: The Docker compose file for orchestrating the services is linked in the documentation, The Dockerfiles for building the Docker images can also be found on Github in the corresponding repositories, and are quite easy to download, for example: here.


Contact Free Trial Buy Here Back to Overview

Greenbone, the global leader in open source vulnerability management solutions, has launched a community portal for its user and developer community, making the extensive information available for community editions clearer and easier to access.

Who is the portal for?

At community.greenbone.net, vulnerability management experts invite users, developers and all IT professionals who are professionally involved in security and protection against hackers to browse forums, blogs, news and documentation and help shape the pages.

Central point of contact
“Our new Community Portal is the central place where users, experts, Greenbone employees and anyone else interested can meet and get up-to-the-minute information about the products, the company or new features,” explains Greenbone’s Community Manager DeeAnn Little: “We want the portal to be a home for the large, worldwide Greenbone community, with all the links and information anyone who works with our vulnerability management tools needs.”

What the new portal offers
For both Greenbone OpenVAS and the Greenbone Community Edition, you can find (under “Getting started“) numerous instructions on how to install and configure the community versions. In addition, there are news and updates, for example about the recently released Docker container releases of the Community Edition but also current figures about Greenbone installations on a world map and a completely revised forum with new categories and Blog.

For the community, with the community
“All this would not be possible without the numerous contributions from the Greenbone community, but at the same time this is only the first step,” explains Little: “In the future, we will also have our experts explain technical details and present new features here.

Greenbone invites the large community to give input and suggestions which topics are of relevance and interest for them Little explains:

“We welcome all input and all suggestions, ideas and ideas for improvement, which is exactly what the portal is here for. Send us your questions, any questions! What have we missed? What would you like to see? How can we make the portal, the forum and the new pages even better? What topics would you like to see – what should we report on?” You can leave your statement here, we will be glad to reveive it.

Greenbone Community Forum in a new look

Greenbone has also integrated the popular User Forum into the Community Portal. With the new look, it will continue to provide users of Greenbone’s software – regardless of their technical background – with a platform for ideas, mutual help, but also feedback.

“The forum is a place where users can meet and help each other as equals – it’s a place of exchange where we can always learn, too,” Little explains. “Whether it’s a beginner’s question, more in-depth howtos, or getting started guides, many a user will find help from experienced users in the forum, even in exotic setups.”


Contact Free Trial Buy Here Back to Overview