Exploit Prices 09/16/2021

Type                          Count
Not Defined                      42
Content Management System        18
Cloud Software                    4
Web Server                        4
Asset Management Software         4

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to see which software types are affected most.

Remediation                   Count
Official Fix                     45
Temporary Fix                     0
Workaround                        1
Unavailable                       0
Not Defined                      50

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels, and each of them influences risk differently.

Exploitability                Count
High                              0
Functional                        0
Proof-of-Concept                  1
Unproven                          0
Not Defined                      95

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation of the exploitation of a security vulnerability is called an exploit. The popularity and availability of the programming languages used to create such exploits can be determined.

CVSSv3 Base                   Count
≤1                                0
≤2                                0
≤3                                2
≤4                               19
≤5                               22
≤6                               25
≤7                               19
≤8                                4
≤9                                3
≤10                               2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp                   Count
≤1                                0
≤2                                0
≤3                                3
≤4                               18
≤5                               22
≤6                               27
≤7                               17
≤8                                6
≤9                                1
≤10                               2

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day                 Count
<1k                              18
<2k                              28
<5k                              27
<10k                              9
<25k                             11
<50k                              2
<100k                             1
≥100k                             0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today                 Count
<1k                              45
<2k                              28
<5k                              18
<10k                              2
<25k                              1
<50k                              2
<100k                             0
≥100k                             0

The 0-day price does not consider time-dependent factors. The today price does reflect price-affecting factors such as the disclosure of vulnerability details, the availability of alternative exploits, and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, and under certain circumstances this happens very fast.

Published | 0-day | Today | Vulnerability | Exploitability | URL | CTI | CVE
09/16/2021 | $25k-$100k | $0-$5k | Microsoft Windows Command Line cmd.exe stack-based overflow | Proof-of-Concept | Link | 0.05 | -
09/16/2021 | $25k-$100k | $25k-$100k | Apache HTTP Server ap_escape_quotes buffer overflow | Not Defined | - | 0.37 | CVE-2021-39275
09/16/2021 | $25k-$100k | $25k-$100k | Apache HTTP Server mod_proxy server-side request forgery | Not Defined | - | 1.06 | CVE-2021-40438
09/16/2021 | $5k-$25k | $0-$5k | SAP BusinessObjects Business Intelligence Platform unknown vulnerability | Not Defined | - | 0.06 | CVE-2021-33697
09/16/2021 | $5k-$25k | $0-$5k | SAP NetWeaver Portal Iviews Editor server-side request forgery | Not Defined | - | 0.00 | CVE-2021-33705
09/16/2021 | $5k-$25k | $5k-$25k | Apache HTTP Server mod_proxy_uwsgi out-of-bounds read | Not Defined | - | 0.05 | CVE-2021-36160
09/16/2021 | $5k-$25k | $0-$5k | IBM WebSphere Application Server/Liberty information exposure | Not Defined | - | 0.05 | CVE-2021-29842
09/16/2021 | $5k-$25k | $0-$5k | OpenSSH Login Session information exposure | Not Defined | - | 0.18 | CVE-2016-20012
09/16/2021 | $5k-$25k | $0-$5k | IBM Security Guardium resource injection | Not Defined | - | 0.00 | CVE-2021-29773
09/16/2021 | $5k-$25k | $0-$5k | SAP Business One unrestricted upload | Not Defined | - | 0.08 | CVE-2021-33698
09/16/2021 | $5k-$25k | $0-$5k | SAP Business One Service Layer authorization | Not Defined | - | 0.00 | CVE-2021-33704
09/16/2021 | $5k-$25k | $0-$5k | SAP NetWeaver Development Infrastructure Query server-side request forgery | Not Defined | - | 0.00 | CVE-2021-33690
09/16/2021 | $5k-$25k | $0-$5k | SAP Cloud Connector Configuration File os command injection | Not Defined | - | 0.05 | CVE-2021-33693
09/16/2021 | $5k-$25k | $5k-$25k | Apache HTTP Server null pointer dereference | Not Defined | - | 0.18 | CVE-2021-34798
09/16/2021 | $5k-$25k | $0-$5k | SAP DMIS Mobile Plug-In/SHANA NDZT Tool sql injection | Not Defined | - | 0.07 | CVE-2021-33701
09/16/2021 | $5k-$25k | $5k-$25k | Apache Jena XML xml external entity reference | Not Defined | - | 0.00 | CVE-2021-39239
09/16/2021 | $5k-$25k | $0-$5k | SAP Cloud Connector Backend Communication certificate validation | Not Defined | - | 0.00 | CVE-2021-33695
09/16/2021 | $5k-$25k | $0-$5k | IBM DB2 information disclosure | Not Defined | - | 0.05 | CVE-2021-29825
09/16/2021 | $5k-$25k | $0-$5k | IBM Security Guardium information disclosure | Not Defined | - | 0.05 | CVE-2021-20433
09/16/2021 | $5k-$25k | $0-$5k | SAP Cloud Connector Backup ZIP File path traversal | Not Defined | - | 0.05 | CVE-2021-33692
09/16/2021 | $5k-$25k | $0-$5k | IBM QRadar SIEM inadequate encryption | Not Defined | - | 0.05 | CVE-2021-29750
09/16/2021 | $5k-$25k | $0-$5k | SAP NetWeaver Development Infrastructure NWDI Notification Service cross site scripting | Not Defined | - | 0.05 | CVE-2021-33691
09/16/2021 | $5k-$25k | $0-$5k | Apache Tomcat TLS Packet infinite loop | Not Defined | - | 0.05 | CVE-2021-41079
09/16/2021 | $0-$5k | $0-$5k | SAP BusinessObjects Business Intelligence Platform cross site scripting | Not Defined | - | 0.04 | CVE-2021-33696
09/16/2021 | $0-$5k | $0-$5k | IBM DB2 information disclosure | Not Defined | - | 0.00 | CVE-2021-29752
09/16/2021 | $0-$5k | $0-$5k | SAP Business One authentication bypass | Not Defined | - | 0.07 | CVE-2021-33700
09/16/2021 | $0-$5k | $0-$5k | Panorama TSSServiSign Registry permission | Not Defined | - | 0.06 | CVE-2021-37909
09/16/2021 | $0-$5k | $0-$5k | HGiga OAKlouds Mobile Portal Network Interface Card Setting Page os command injection | Not Defined | - | 0.07 | CVE-2021-37913
09/16/2021 | $0-$5k | $0-$5k | SAP Cloud Connector cross site scripting | Not Defined | - | 0.00 | CVE-2021-33694
09/16/2021 | $0-$5k | $0-$5k | Autodesk Navisworks PDF File memory corruption | Not Defined | - | 0.06 | CVE-2021-27046
09/16/2021 | $0-$5k | $0-$5k | Autodesk FBX Review DLL File out-of-bounds write | Not Defined | - | 0.06 | CVE-2021-27044
09/16/2021 | $0-$5k | $0-$5k | HGiga OAKlouds Mobile Portal Network Interface Card Setting Page os command injection | Not Defined | - | 0.04 | CVE-2021-37912
09/16/2021 | $0-$5k | $0-$5k | Xiaomi AX3600 meshd command injection | Not Defined | - | 0.05 | CVE-2020-14109
09/16/2021 | $0-$5k | $0-$5k | Xiaomi AX3600 xqnetwork.lua command injection | Not Defined | - | 0.07 | CVE-2020-14119
09/16/2021 | $0-$5k | $0-$5k | mitmproxy request smuggling | Not Defined | - | 0.04 | CVE-2021-39214
09/16/2021 | $0-$5k | $0-$5k | semver-regex incorrect regex | Not Defined | - | 0.05 | CVE-2021-3795
09/16/2021 | $0-$5k | $0-$5k | MyLittleBackup Management Tool web.config code injection | Not Defined | - | 0.07 | CVE-2021-39392
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS FileManagerController.java FileManager.delete access control | Not Defined | - | 0.05 | CVE-2020-19150
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS HTML Template File list command injection | Not Defined | - | 0.00 | CVE-2020-19151
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS FileManagerController.java FileManager.rename access control | Not Defined | - | 0.00 | CVE-2020-19155
09/16/2021 | $0-$5k | $0-$5k | GLPI API REST injection | Not Defined | - | 0.00 | CVE-2021-39213
09/16/2021 | $0-$5k | $0-$5k | RGCMS Privilege Escalation | Not Defined | - | 0.00 | CVE-2020-21480
09/16/2021 | $0-$5k | $0-$5k | Youseries UReport File Creation Privilege Escalation | Not Defined | - | 0.05 | CVE-2020-21125
09/16/2021 | $0-$5k | $0-$5k | PublicCMS BAT File Parameter Privilege Escalation | Not Defined | - | 0.00 | CVE-2021-40881
09/16/2021 | $0-$5k | $0-$5k | Xiaomi AX3600 Interface librsa.so getwifipwdurl buffer overflow | Not Defined | - | 0.05 | CVE-2020-14124
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS FileManagerController.java FileManager.editFile access control | Not Defined | - | 0.05 | CVE-2020-19154
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS FileManager.java getFolder access control | Not Defined | - | 0.06 | CVE-2020-19147
09/16/2021 | $0-$5k | $0-$5k | Jfinal CMS list access control | Not Defined | - | 0.07 | CVE-2020-19146
09/16/2021 | $0-$5k | $0-$5k | GLPI Autologin Cookie cookie without 'httponly' flag | Not Defined | - | 0.05 | CVE-2021-39210
09/16/2021 | $0-$5k | $0-$5k | Atlassian JIRA Server/Data Center Service Management Addon injection | Not Defined | - | 0.09 | CVE-2021-39128

46 more entries are not shown
