NIS 2 Art. 21.2(a)
Risk analysis and information system security policies
UnveilScan findings mapped to this control
The scanner emits 5 distinct findings on this control.
web.drupal_outdated_core
⏱ 4h
WEB — Drupal outdated core
Risk if ignored: Drupal major versions reach End-of-Life on a fixed calendar (D7/D8/D9 are all EOL). The Drupalgeddon CVE family specifically targets unpatched cores, and core SQLi / RCE bugs surface every few months in supported branches too.
security operational
web.joomla_outdated_core
⏱ 4h
WEB — Joomla outdated core
Risk if ignored: Joomla 3.x has been EOL since 2023-08 (no security patches). Joomla 4.x EOL is scheduled for mid-2027. Outdated cores accumulate unpatched CVEs in core + bundled extensions.
security operational
web.magento_outdated_core
⏱ 18 weeks
WEB — Magento outdated core
Risk if ignored: Magento 1 has been EOL since 2020-06-30 (no Adobe patches). Several large-scale Magecart breaches (Sansec CardBleed, others) specifically targeted unpatched M1 hosts. PCI-DSS compliance is impossible on an unsupported platform.
security financial legal
web.prestashop_outdated_core
⏱ 1 day
WEB — PrestaShop outdated core
Risk if ignored: PrestaShop 1.6 / 1.7 are EOL. Several SmartBlog / WeBuy SQLi + RCE CVEs from 2022-2024 specifically targeted outdated installs. Card skimmer injections are the dominant exploitation outcome.
security financial
web.wp_outdated_core
⏱ 30 min
WEB — WP outdated core
Risk if ignored: An outdated WP core still carries the CVEs disclosed and patched in subsequent releases. Most exploited WP CVEs target installs that lag a single minor version. If auto-updates are off, every fortnight increases exposure.
security operational