Archive 03/10/2020

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape, or to identify the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each influences risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time; under certain circumstances this happens very fast.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 151393 | 6.7 | 6.4 | Microsoft Dynamics NAV/Dynamics 365 Business Central code injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-0905 |
| 151299 | 5.7 | 5.7 | WSC Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-9440 |
| 151298 | 7.4 | 7.4 | Metasys Extended Application XML Data xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-9044 |
| 151297 | 5.2 | 4.9 | Siemens Spectrum Power cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7579 |
| 151296 | 4.7 | 4.7 | SAP Fiori Launchpad Reflected cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-6210 |
| 151295 | 6.7 | 6.7 | SAP Disclosure Management privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-6209 |
| 151294 | 6.2 | 6.2 | SAP Business Intelligence Platform code injection | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-6208 |
| 151293 | 9.1 | 9.1 | SAP Solution Manager privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2020-6207 |
| 151292 | 4.7 | 4.7 | SAP Cloud Platform Error Message Reflected cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-6206 |
| 151291 | 5.4 | 5.4 | SAP NetWeaver AS ABAP Reflected cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6205 |
| 151290 | 5.3 | 5.3 | SAP Treasury/Risk Management privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-6204 |
| 151289 | 7.8 | 7.8 | SAP NetWeaver UDDI Server File API path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-6203 |
| 151288 | 5.5 | 5.5 | SAP NetWeaver Application Server LDAP unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2020-6202 |
| 151287 | 5.4 | 5.4 | SAP Commerce Reflected cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-6201 |
| 151286 | 4.7 | 4.7 | SAP Commerce AngularJS Template cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-6200 |
| 151285 | 5.9 | 5.9 | SAP ERP/EAPPGLO/S-4HANA/S4CORE View privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2020-6199 |
| 151284 | 8.5 | 8.5 | SAP Solution Manager Diagnostics Agent missing encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2020-6198 |
| 151283 | 3.5 | 3.4 | SAP Enable Now Session Token information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-6197 |
| 151282 | 6.4 | 6.4 | SAP BusinessObjects Mobile denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6196 |
| 151281 | 4.8 | 4.6 | SAP Enable Now Session ID Cookie information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-6178 |
| 151280 | 6.6 | 6.1 | dojox jqMix Prototype code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5259 |
| 151279 | 6.6 | 6.1 | Dojo deepCopy Prototype code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-5258 |
| 151278 | 6.5 | 5.8 | NetHack hilite_status memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-5254 |
| 151277 | 6.5 | 5.8 | NetHack Configuration File privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-5253 |
| 151276 | 4.7 | 4.7 | IBM InfoSphere Information Server Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-4162 |
| 151275 | 4.4 | 4.3 | Ramp AltitudeCDN Altimeter ipmapping.jsp Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-10372 |
| 151274 | 8.5 | 8.5 | SK Hynix/Micron/Samsung DDR4/LPDDR4 Rowhammer Target Row Refresh/TRRespass input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-10255 |
| 151273 | 4.4 | 4.2 | Google Android ActivityManagerService.java getProcessPss information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-0087 |
| 151272 | 6.5 | 6.3 | Google Android Permission Check PanService.java setBluetoothTethering authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2020-0085 |
| 151271 | 6.5 | 6.3 | Google Android Permission Check NotificationManagerService.java authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-0084 |
| 151270 | 6.4 | 6.1 | Google Android sta_network.cpp setRequirePmfInternal denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-0083 |
| 151269 | 6.5 | 6.3 | Google Android MediaTek Command Queue Driver out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2020-0069 |
| 151268 | 5.8 | 5.6 | Google Android netlink Driver out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-0066 |
| 151267 | 6.3 | 6.0 | Google Android Surfaceflinger privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-0063 |
| 151266 | 6.4 | 6.1 | Google Android Euicc information disclosure | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2020-0062 |
| 151265 | 4.4 | 4.2 | Google Android Pixel Recorder authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-0061 |
| 151264 | 4.9 | 4.7 | Google Android SmsProvider.java query sql injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2020-0060 |
| 151263 | 4.4 | 4.2 | Google Android btm_ble_batchscan.cc btm_ble_batchscan_filter_track_adv_vse_cback out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-0059 |
| 151262 | 3.8 | 3.7 | Google Android l2c_main.cc l2c_rcv_acl_data out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-0058 |
| 151261 | 4.4 | 4.2 | Google Android btm_inq.cc btm_process_inq_results out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-0057 |
