Exploit Prices 10/19/2021

Type

Not Defined: 135
Cloud Software: 82
Database Software: 75
Banking Software: 34
Enterprise Resource Planning Software: 27

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. The assignment of these categories helps to show which software types are most affected.

Remediation

Official Fix: 451
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 18

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 3
Unproven: 0
Not Defined: 466

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 7
≤4: 18
≤5: 53
≤6: 125
≤7: 53
≤8: 114
≤9: 64
≤10: 34

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 8
≤4: 17
≤5: 54
≤6: 133
≤7: 58
≤8: 131
≤9: 34
≤10: 33

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 20
<2k: 19
<5k: 95
<10k: 122
<25k: 152
<50k: 23
<100k: 19
≥100k: 19

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 130
<2k: 117
<5k: 123
<10k: 60
<25k: 10
<50k: 29
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

Published | 0day | Today | Vulnerability | Exp | CTI | CVE
10/19/2021 | $100k and more | $25k-$100k | Oracle Essbase Administration Services Remote Code Execution | Not Defined | 0.08 | CVE-2021-35652
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Pricing Design Center Python buffer overflow | Not Defined | 0.03 | CVE-2021-3177
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Diameter Signaling Router gSOAP integer overflow | Not Defined | 0.00 | CVE-2021-21783
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications EAGLE LNP Application Processor gSOAP integer overflow | Not Defined | 0.07 | CVE-2021-21783
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Element Manager Apache ActiveMQ Remote Code Execution | Not Defined | 0.06 | CVE-2020-11998
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Policy Management Apache Struts2 Remote Code Execution | Not Defined | 0.05 | CVE-2020-17530
10/19/2021 | $100k and more | $25k-$100k | Oracle Tekelec Virtual Operating Environment gSOAP integer overflow | Not Defined | 0.04 | CVE-2021-21783
10/19/2021 | $100k and more | $25k-$100k | Oracle Enterprise Manager Ops Center Apache HTTP Server out-of-bounds write | Not Defined | 0.05 | CVE-2021-26691
10/19/2021 | $100k and more | $25k-$100k | Oracle ZFS Storage Appliance Kit Operating System Image out-of-bounds write | Not Defined | 0.04 | CVE-2021-26691
10/19/2021 | $100k and more | $25k-$100k | Oracle MySQL Server OpenSSL buffer overflow | Not Defined | 0.00 | CVE-2021-3711
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Session Route Manager Apache ActiveMQ Remote Code Execution | Not Defined | 0.00 | CVE-2020-11998
10/19/2021 | $100k and more | $25k-$100k | Oracle Instantis EnterpriseTrack Apache HTTP Server out-of-bounds write | Not Defined | 0.05 | CVE-2021-26691
10/19/2021 | $100k and more | $25k-$100k | Oracle WebLogic Server Coherence Container Remote Code Execution | Not Defined | 0.00 | CVE-2021-35617
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications LSMS gSOAP integer overflow | Not Defined | 0.00 | CVE-2021-21783
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Session Report Manager Apache ActiveMQ Remote Code Execution | Not Defined | 0.00 | CVE-2020-11998
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Control Plane Monitor nginx off-by-one | Not Defined | 0.06 | CVE-2021-23017
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Fraud Monitor nginx off-by-one | Not Defined | 0.04 | CVE-2021-23017
10/19/2021 | $100k and more | $25k-$100k | Oracle Communications Operations Monitor nginx off-by-one | Not Defined | 0.05 | CVE-2021-23017
10/19/2021 | $100k and more | $25k-$100k | Oracle Enterprise Telephony Fraud Monitor nginx off-by-one | Not Defined | 0.05 | CVE-2021-23017
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Banking Virtual Account Management Spring Integration deserialization | Not Defined | 0.06 | CVE-2020-5413
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Healthcare Data Repository Nimbus JOSE+JWT exceptional condition | Not Defined | 0.00 | CVE-2019-17195
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Insurance Policy Administration Nimbus JOSE+JWT exceptional condition | Not Defined | 0.00 | CVE-2019-17195
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Banking Corporate Lending Process Management Spring Integration deserialization | Not Defined | 0.07 | CVE-2020-5413
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Banking Supply Chain Finance Spring Integration deserialization | Not Defined | 0.09 | CVE-2020-5413
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Communications Diameter Signaling Router PHP code injection | Not Defined | 0.05 | CVE-2017-9841
10/19/2021 | $25k-$100k | $25k-$100k | Oracle WebLogic Server slf4j-ext deserialization | Not Defined | 0.07 | CVE-2018-8088
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Banking Credit Facilities Process Management Spring Integration deserialization | Not Defined | 0.08 | CVE-2020-5413
10/19/2021 | $25k-$100k | $25k-$100k | Oracle Documaker Apache Commons FileUpload access control | Not Defined | 0.00 | CVE-2016-1000031
10/19/2021 | $25k-$100k | $25k-$100k | Oracle MySQL Cluster Node.js input validation | Not Defined | 0.05 | CVE-2021-22931
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Communications Policy Management XStream code injection | Not Defined | 0.05 | CVE-2021-21345
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Banking Virtual Account Management XStream code injection | Not Defined | 0.05 | CVE-2021-21345
10/19/2021 | $25k-$100k | $5k-$25k | Oracle PeopleSoft Enterprise PeopleTools XMLBeans xml entity expansion | Not Defined | 0.03 | CVE-2021-23926
10/19/2021 | $25k-$100k | $5k-$25k | Apple iOS/iPadOS state issue | Not Defined | 0.00 | CVE-2021-30820
10/19/2021 | $25k-$100k | $5k-$25k | Oracle FLEXCUBE Core Banking dom4j xml external entity reference | Not Defined | 0.00 | CVE-2020-10683
10/19/2021 | $25k-$100k | $5k-$25k | Oracle WebCenter Sites Terracotta Quartz Scheduler xml external entity reference | Not Defined | 0.08 | CVE-2019-13990
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Documaker Terracotta Quartz Scheduler xml external entity reference | Not Defined | 0.06 | CVE-2019-13990
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Documaker dom4j xml external entity reference | Not Defined | 0.07 | CVE-2020-10683
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Java SE Deployment Remote Code Execution | Not Defined | 0.08 | CVE-2021-35560
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Java SE libxml out-of-bounds write | Not Defined | 0.11 | CVE-2021-3517
10/19/2021 | $25k-$100k | $5k-$25k | Oracle Java SE Keytool unknown vulnerability | Not Defined | 0.04 | CVE-2021-35564

429 more entries are not shown
