Archive 08/09/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Windows61
Microsoft Azure Site Recovery VMWare to Azure34
Microsoft Azure Real Time Operating System GUIX St ...8
OpenEMR6
Microsoft Exchange Server5

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix144
Temporary Fix0
Workaround1
Unavailable0
Not Defined32

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional1
Proof-of-Concept57
Unproven70
Not Defined49

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base

≤10
≤20
≤31
≤415
≤516
≤616
≤744
≤840
≤942
≤103

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤32
≤417
≤518
≤618
≤751
≤864
≤97
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k24
<2k19
<5k16
<10k12
<25k48
<50k16
<100k42
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k46
<2k19
<5k49
<10k18
<25k45
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
2060098.07.5Microsoft Visual Studio Remote Code Execution$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35827
2060088.07.5Microsoft Visual Studio Remote Code Execution$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35826
2060077.56.8Microsoft Visual Studio Remote Code Execution$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2022-35825
2060067.26.6Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kUnprovenOfficial Fix0.04CVE-2022-35824
2060053.73.5Microsoft Azure Sphere information disclosure$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.09CVE-2022-35821
2060048.17.4Microsoft Windows Bluetooth Driver Privilege Escalation$25k-$100k$5k-$25kUnprovenOfficial Fix0.04CVE-2022-35820
2060036.96.2Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35819
2060026.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35818
2060016.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35817
2060006.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35816
2059996.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35815
2059986.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35814
2059976.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35813
2059963.33.0Microsoft Azure Site Recovery VMWare to Azure information disclosure$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35812
2059956.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35811
2059946.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35810
2059936.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35809
2059926.96.2Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35808
2059916.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35807
2059907.87.3Microsoft Azure Real Time Operating System GUIX Studio Local Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35806
2059898.88.1Microsoft Windows SMB Remote Code Execution$25k-$100k$5k-$25kUnprovenOfficial Fix0.09CVE-2022-35804
2059888.37.6Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kUnprovenOfficial Fix0.00CVE-2022-35802
2059876.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.09CVE-2022-35801
2059863.83.4Microsoft Azure Site Recovery VMWare to Azure information disclosure$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.96CVE-2022-35800
2059856.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.90CVE-2022-35799
2059846.55.6Microsoft Windows Hello Security Local Privilege Escalation$5k-$25k$5k-$25kUnprovenOfficial Fix0.00CVE-2022-35797
2059838.17.4Microsoft Windows Error Reporting Service Privilege Escalation$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2022-35795
2059828.17.1Microsoft Windows Secure Socket Tunneling Protocol Remote Code Execution$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2022-35794
2059817.87.1Microsoft Windows Print Spooler Privilege Escalation$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2022-35793
2059808.17.4Microsoft Windows Storage Spaces Privilege Escalation$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2022-35792
2059796.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.09CVE-2022-35791
2059786.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35790
2059776.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35789
2059766.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35788
2059754.23.9Microsoft Azure Site Recovery VMWare to Azure information disclosure$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2022-35787
2059746.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.76CVE-2022-35786
2059736.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35785
2059726.96.2Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.48CVE-2022-35784
2059713.73.5Microsoft Azure Site Recovery VMWare to Azure information disclosure$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.43CVE-2022-35783
2059706.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix1.47CVE-2022-35782
2059696.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.44CVE-2022-35781
2059686.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35780
2059677.87.3Microsoft Azure Real Time Operating System GUIX Studio code injection$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.20CVE-2022-35779
2059667.56.8Microsoft Visual Studio Remote Code Execution$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.00CVE-2022-35777
2059656.46.0Microsoft Azure Site Recovery VMWare to Azure denial of service$0-$5k$0-$5kProof-of-ConceptOfficial Fix1.55CVE-2022-35776
2059646.76.3Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.08CVE-2022-35775
2059634.23.9Microsoft Azure Site Recovery VMWare to Azure information disclosure$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2022-35774
2059627.87.3Microsoft Azure Real Time Operating System GUIX Studio code injection$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2022-35773
2059617.26.6Microsoft Azure Site Recovery VMWare to Azure code injection$5k-$25k$0-$5kUnprovenOfficial Fix0.05CVE-2022-35772
2059608.37.3Microsoft Windows Defender Credential Guard Privilege Escalation$25k-$100k$5k-$25kUnprovenOfficial Fix0.08CVE-2022-35771

127 more entries are not shown

Might our Artificial Intelligence support you?

Check our Alexa App!