Archive 07/20/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 179263 | 6.0 | 5.7 | Oracle VM VirtualBox Core denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2442 |
| 179262 | 7.0 | 6.7 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2454 |
| 179261 | 7.3 | 7.0 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2443 |
| 179260 | 8.2 | 7.8 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2409 |
| 179259 | 9.6 | 9.2 | Oracle Secure Global Desktop Client Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2021-2446 |
| 179258 | 9.9 | 9.5 | Oracle Secure Global Desktop Server Privilege Escalation | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2021-2447 |
| 179257 | 3.9 | 3.8 | Oracle Solaris Kernel unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-2381 |
| 179256 | 5.9 | 5.7 | Oracle Fujitsu M10-1 glibc denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-4429 |
| 179255 | 6.5 | 6.2 | Oracle StorageTek Tape Analytics SW Tool BSAFE Crypto-J information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-3740 |
| 179254 | 6.5 | 6.2 | Oracle StorageTek Tape Analytics SW Tool Spring Framework unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-5421 |
| 179253 | 6.5 | 6.2 | Oracle Fujitsu M10-1 OpenSSL denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-0739 |
| 179252 | 7.3 | 7.0 | Oracle Solaris Cluster Apache Commons BeanUtils deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2019-10086 |
| 179251 | 9.8 | 9.4 | Oracle StorageTek Tape Analytics SW Tool dom4j xml external entity reference | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-10683 |
| 179250 | 9.8 | 9.4 | Oracle ZFS Storage Appliance Kit Operating System Image buffer overflow | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.02 | CVE-2021-3177 |
| 179249 | 9.8 | 9.4 | Oracle Fujitsu M10-1 NTP out-of-bounds write | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2018-7183 |
| 179248 | 9.8 | 9.4 | Oracle Fujitsu M10-1 libxml2 memory corruption | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.03 | CVE-2017-16931 |
| 179247 | 9.8 | 9.4 | Oracle Fujitsu M10-1 NSS out-of-bounds write | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.04 | CVE-2017-5461 |
| 179246 | 6.1 | 5.8 | Oracle OSS Support Tools jQuery cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-11023 |
| 179245 | 5.9 | 5.7 | Oracle Agile PLM Apache Tomcat information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-24122 |
| 179244 | 6.5 | 6.2 | Oracle Agile PLM CKEditor denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-26272 |
| 179243 | 7.5 | 7.2 | Oracle Transportation Management Apache Xerces2 Java Parser denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2012-0881 |
| 179242 | 7.5 | 7.2 | Oracle Agile Engineering Data Management Apache Tomcat denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-13935 |
| 179241 | 7.5 | 7.2 | Oracle Agile Engineering Data Management Apache Ant unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-11979 |
| 179240 | 4.4 | 4.2 | Oracle Siebel Core Loging information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2353 |
| 179239 | 5.9 | 5.7 | Oracle Siebel CRM Siebel Core - Server Infrastructure information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2368 |
| 179238 | 6.1 | 5.8 | Oracle Siebel Apps Email Marketing Stand-Alone unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-2338 |
| 179237 | 7.5 | 7.2 | Oracle Siebel Core Zookeeper denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-5637 |
| 179236 | 7.4 | 7.1 | Oracle Siebel Core Eclipse Jetty Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-27216 |
| 179235 | 8.1 | 7.7 | Oracle Siebel Core jackson-databind deserialization | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-24750 |
| 179234 | 6.7 | 6.4 | Oracle Retail Order Management System Cloud Service Apache Batik input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11987 |
| 179233 | 6.7 | 6.4 | Oracle Retail Order Broker Apache Batik input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-11987 |
| 179232 | 6.0 | 5.8 | Oracle Retail Customer Management and Segmentation Foundation Apache PDFbox iteration | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-27807 |
| 179231 | 6.5 | 6.2 | Oracle Retail Customer Engagement Spring Framework unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-5421 |
| 179230 | 7.3 | 7.0 | Oracle Retail Price Management Apache Commons BeanUtils deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-10086 |
| 179229 | 7.3 | 7.0 | Oracle Retail Merchandising System Apache Commons BeanUtils deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-10086 |
| 179228 | 7.4 | 7.1 | Oracle Retail Customer Management and Segmentation Foundation Hibernate sql injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25638 |
| 179227 | 7.5 | 7.2 | Oracle Retail Xstore Point of Service jackson-databind xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25649 |
| 179226 | 7.5 | 7.2 | Oracle Retail Xstore Point of Service Node.js denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8277 |
| 179225 | 7.5 | 7.2 | Oracle Retail Xstore Point of Service Apache Tomcat information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-17527 |
| 179224 | 7.5 | 7.2 | Oracle Retail Service Backbone jackson-databind xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25649 |
| 179223 | 7.5 | 7.2 | Oracle Retail Returns Management Spring Framework code download | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-5398 |
| 179222 | 7.5 | 7.2 | Oracle Retail Point-of-Service Spring Framework code download | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-5398 |
| 179221 | 7.5 | 7.2 | Oracle Retail Merchandising System Apache Ant unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-11979 |
| 179220 | 7.5 | 7.2 | Oracle Retail Central Office Spring Framework code download | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-5398 |
| 179219 | 7.5 | 7.2 | Oracle Retail Back Office Spring Framework code download | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-5398 |
| 179218 | 7.8 | 7.5 | Oracle Retail Order Broker Spring Framework privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-22118 |
| 179217 | 7.8 | 7.5 | Oracle Retail Integration Bus Spring Framework privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-22118 |
| 179216 | 7.8 | 7.5 | Oracle Retail Financial Integration Spring Framework privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-22118 |
| 179215 | 7.7 | 7.3 | Oracle Retail Merchandising System Spring Framework Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-5421 |
| 179214 | 7.7 | 7.3 | Oracle Retail Customer Management and Segmentation Foundation Spring Framework Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-5421 |
