Exploit Prices 05/07/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 44
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 11

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 55

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 4
≤4: 5
≤5: 12
≤6: 8
≤7: 21
≤8: 4
≤9: 1
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 4
≤4: 5
≤5: 12
≤6: 10
≤7: 19
≤8: 4
≤9: 1
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 13
<2k: 18
<5k: 8
<10k: 15
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 35
<2k: 19
<5k: 1
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Vulnerability | Exp | CTI | CVE |
|---|---|---|---|---|---|---|
| 05/07/2022 | $5k-$25k | $0-$5k | IBM Guardium Data Encryption another encoding error | Not Defined | 0.07 | CVE-2021-39027 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop U3D File out-of-bounds write | Not Defined | 0.03 | CVE-2022-24105 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe After Effects File stack-based overflow | Not Defined | 0.00 | CVE-2022-27784 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop PDF File use after free | Not Defined | 0.07 | CVE-2022-28271 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File out-of-bounds write | Not Defined | 0.03 | CVE-2022-28272 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop out-of-bounds write | Not Defined | 0.07 | CVE-2022-23205 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe After Effects File stack-based overflow | Not Defined | 0.03 | CVE-2022-27783 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File out-of-bounds write | Not Defined | 0.03 | CVE-2022-28273 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File out-of-bounds write | Not Defined | 0.03 | CVE-2022-28275 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File out-of-bounds write | Not Defined | 0.03 | CVE-2022-28276 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop PDF File out-of-bounds write | Not Defined | 0.07 | CVE-2022-28277 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File out-of-bounds write | Not Defined | 0.07 | CVE-2022-28278 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop File use after free | Not Defined | 0.10 | CVE-2022-28279 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop SVG File out-of-bounds write | Not Defined | 0.03 | CVE-2022-28270 |
| 05/07/2022 | $5k-$25k | $0-$5k | Adobe Photoshop PCX File Parser input validation | Not Defined | 0.03 | CVE-2022-24098 |
| 05/07/2022 | $5k-$25k | $0-$5k | IBM Guardium Data Encryption information exposure | Not Defined | 0.00 | CVE-2021-39023 |
| 05/07/2022 | $0-$5k | $0-$5k | Adobe Photoshop out-of-bounds read | Not Defined | 0.10 | CVE-2022-24099 |
| 05/07/2022 | $0-$5k | $0-$5k | Adobe Photoshop File Parser out-of-bounds read | Not Defined | 0.03 | CVE-2022-28274 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise Search Parameter injection | Not Defined | 0.07 | CVE-2022-26889 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Platform HTTP Header unknown vulnerability | Not Defined | 0.04 | CVE-2021-27762 |
| 05/07/2022 | $0-$5k | $0-$5k | Brocade SANNav Role-Based Access Control access control | Not Defined | 0.03 | CVE-2022-28165 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise Node Default Path uncontrolled search path | Not Defined | 0.10 | CVE-2021-42743 |
| 05/07/2022 | $0-$5k | $0-$5k | charm HTTP Request server-side request forgery | Not Defined | 0.03 | CVE-2022-29180 |
| 05/07/2022 | $0-$5k | $0-$5k | Guru Extension permission | Not Defined | 0.07 | CVE-2022-23802 |
| 05/07/2022 | $0-$5k | $0-$5k | Countdown & Clock Plugin Pro Features Lock access control | Not Defined | 0.20 | CVE-2022-29423 |
| 05/07/2022 | $0-$5k | $0-$5k | Brocade SANnav Zone Management sql injection | Not Defined | 0.04 | CVE-2022-28163 |
| 05/07/2022 | $0-$5k | $0-$5k | TwelveMonkeys XML Parser xml external entity reference | Not Defined | 0.07 | CVE-2021-23792 |
| 05/07/2022 | $0-$5k | $0-$5k | Keylime Agent Registrar Data input validation | Not Defined | 0.10 | CVE-2022-1053 |
| 05/07/2022 | $0-$5k | $0-$5k | topthink Framework Driver Class deserialization | Not Defined | 0.13 | CVE-2021-23592 |
| 05/07/2022 | $0-$5k | $0-$5k | Tecson Tankspion Endpoint improper authentication | Not Defined | 0.10 | CVE-2019-12254 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise S2S TCP Token Authentication authentication bypass | Not Defined | 0.04 | CVE-2021-31559 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise DUO MFA improper authentication | Not Defined | 0.07 | CVE-2021-26253 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL Commerce session expiration | Not Defined | 0.04 | CVE-2021-27751 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise REST API information exposure | Not Defined | 0.06 | CVE-2021-33845 |
| 05/07/2022 | $0-$5k | $0-$5k | KeepKey Bootloader supervise.c svhandler_flash_* Local Privilege Escalation | Not Defined | 0.19 | CVE-2022-30330 |
| 05/07/2022 | $0-$5k | $0-$5k | Brave Browser Private Window with Tor Connectivity information disclosure | Not Defined | 0.03 | CVE-2022-30334 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Platform API Installer privileges management | Not Defined | 0.03 | CVE-2021-27765 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Platform Console Installer privileges management | Not Defined | 0.10 | CVE-2021-27767 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Platform Client Installer privileges management | Not Defined | 0.07 | CVE-2021-27766 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix WebUI missing secure attribute | Not Defined | 0.07 | CVE-2021-27764 |
| 05/07/2022 | $0-$5k | $0-$5k | jDownloads information disclosure | Not Defined | 0.26 | CVE-2022-27909 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise Pre-Authentication Cookie information exposure | Not Defined | 0.16 | CVE-2022-26070 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Platform Web Transport Security inadequate encryption | Not Defined | 0.00 | CVE-2021-27761 |
| 05/07/2022 | $0-$5k | $0-$5k | Adam Skaat Countdown & Clock Plugin cross site scripting | Not Defined | 0.10 | CVE-2022-29421 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Inventory HTTP Request cross-site request forgery | Not Defined | 0.04 | CVE-2021-27759 |
| 05/07/2022 | $0-$5k | $0-$5k | Splunk Enterprise Monitoring Console App cross site scripting | Not Defined | 0.10 | CVE-2022-27183 |
| 05/07/2022 | $0-$5k | $0-$5k | HCL BigFix Inventory cross-site request forgery | Not Defined | 0.16 | CVE-2021-27758 |
| 05/07/2022 | $0-$5k | $0-$5k | bignum v8 denial of service | Not Defined | 0.05 | CVE-2022-25324 |
| 05/07/2022 | $0-$5k | $0-$5k | Andrea Pernici News Sitemap for Google Plugin cross site scripting | Not Defined | 0.11 | CVE-2021-36912 |
| 05/07/2022 | $0-$5k | $0-$5k | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | Not Defined | 0.00 | CVE-2022-28507 |

5 more entries are not shown
