Archive 09/13/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Windows: 47
Siemens Parasolid: 20
Siemens Simcenter Femap: 20
Adobe InDesign: 17
Adobe Experience Manager: 12

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 169
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 55

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 5
Unproven: 58
Not Defined: 161

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 3
≤4: 5
≤5: 43
≤6: 27
≤7: 75
≤8: 28
≤9: 40
≤10: 3

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 3
≤4: 6
≤5: 45
≤6: 27
≤7: 83
≤8: 40
≤9: 20
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 15
<2k: 67
<5k: 44
<10k: 16
<25k: 41
<50k: 11
<100k: 30
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 85
<2k: 45
<5k: 29
<10k: 27
<25k: 36
<50k: 2
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 208581 | 6.8 | 6.2 | Microsoft Windows SPNEGO Extended Negotiation information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37958 |
| 208484 | 8.1 | 7.6 | Microsoft Azure ARC/Azure Guest Configuration privileges management | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2022-38007 |
| 208483 | 8.1 | 7.4 | Microsoft Windows Common Log File System Driver Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.09 | CVE-2022-37969 |
| 208482 | 5.8 | 5.3 | Microsoft Windows Event Tracing denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-35832 |
| 208481 | 8.1 | 7.4 | Microsoft Windows Common Log File System Driver Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.09 | CVE-2022-35803 |
| 208480 | 8.1 | 7.6 | Microsoft Windows GDI Privilege Escalation | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-34729 |
| 208479 | 8.1 | 7.6 | Microsoft Windows Kerberos Remote Code Execution | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.34 | CVE-2022-33679 |
| 208478 | 8.1 | 7.1 | Microsoft Windows Kerberos Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.12 | CVE-2022-33647 |
| 208477 | 7.3 | 6.3 | Microsoft Windows Photo Import API race condition | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-26928 |
| 208476 | 5.8 | 5.3 | Microsoft Windows Graphics information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-38006 |
| 208475 | 7.0 | 6.1 | Microsoft AV1 Video Extension Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2022-38019 |
| 208474 | 5.1 | 4.7 | Microsoft Windows Remote Access Connection Manager information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-35831 |
| 208473 | 8.1 | 7.4 | Microsoft Defender for Endpoint Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-35828 |
| 208472 | 8.8 | 8.1 | Microsoft SharePoint Server Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-38008 |
| 208471 | 8.6 | 8.0 | Microsoft Windows ODBC Driver Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34730 |
| 208469 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-35834 |
| 208468 | 7.0 | 6.4 | Microsoft Visual Studio Code Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2022-38020 |
| 208467 | 6.8 | 6.2 | Microsoft .NET Core/Visual Studio denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2022-38013 |
| 208466 | 7.0 | 6.4 | Microsoft Windows Raw Image Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2022-38011 |
| 208465 | 7.3 | 6.7 | Microsoft Office Visio Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2022-38010 |
| 208464 | 8.8 | 8.1 | Microsoft SharePoint Server Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2022-38009 |
| 208463 | 8.3 | 7.3 | Microsoft Windows Print Spooler Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-38005 |
| 208462 | 7.3 | 6.7 | Microsoft Windows Fax Service Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-38004 |
| 208461 | 8.1 | 7.4 | Microsoft Windows Kernel Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37964 |
| 208460 | 7.0 | 6.1 | Microsoft Office Visio Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2022-37963 |
| 208459 | 7.3 | 6.7 | Microsoft Office PowerPoint Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | CVE-2022-37962 |
| 208458 | 8.8 | 8.1 | Microsoft SharePoint Server Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-37961 |
| 208457 | 5.8 | 5.3 | Microsoft Windows Network Device Enrollment Service information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37959 |
| 208456 | 8.1 | 7.4 | Microsoft Windows Kernel Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37957 |
| 208455 | 8.1 | 7.4 | Microsoft Windows Kernel Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37956 |
| 208454 | 8.1 | 7.4 | Microsoft Windows Group Policy Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-37955 |
| 208453 | 8.1 | 7.4 | Microsoft Windows DirectX Graphics Kernel privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-37954 |
| 208452 | 8.8 | 7.8 | Microsoft Windows Enterprise App Management Service privileges management | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-35841 |
| 208451 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2022-35840 |
| 208450 | 7.5 | 6.8 | Microsoft Windows HTTP V3 denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-35838 |
| 208449 | 4.6 | 4.1 | Microsoft Windows Graphics information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-35837 |
| 208448 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server code injection | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.06 | CVE-2022-35836 |
| 208447 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server code injection | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.06 | CVE-2022-35835 |
| 208446 | 7.5 | 6.8 | Microsoft Windows Secure Channel denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2022-35833 |
| 208445 | 8.1 | 7.1 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2022-35830 |
| 208444 | 8.5 | 7.4 | Microsoft SharePoint Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2022-35823 |
| 208443 | 8.8 | 8.1 | Microsoft Dynamics CRM Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-35805 |
| 208442 | 8.8 | 7.7 | Microsoft Windows ODBC Driver Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34734 |
| 208441 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34733 |
| 208440 | 8.6 | 8.0 | Microsoft Windows ODBC Driver Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2022-34732 |
| 208439 | 8.8 | 8.1 | Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34731 |
| 208438 | 5.1 | 4.7 | Microsoft Windows Graphics information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34728 |
| 208437 | 8.8 | 8.1 | Microsoft Windows ODBC Driver Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-34727 |
| 208436 | 8.8 | 7.7 | Microsoft Windows ODBC Driver Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2022-34726 |
| 208435 | 7.2 | 6.5 | Microsoft Windows ALPC race condition | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2022-34725 |

174 more entries are not shown
