Application Server Software Vulnerabilities
The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate immediate vulnerability response and to prioritize issues.
Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.
|IBM WebSphere Application Server||400|
|Oracle WebLogic Server||272|
|Oracle Application Server||125|
|BEA WebLogic Server||122|
Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.
Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.
Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.
To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.
To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.
Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.
Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.
The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.
The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.
The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.
The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.
A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.
Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.
Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.
The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.
The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.
Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.
Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.
Affected Products (249): Apache ActiveMQ, Apache ActiveMQ Artemis, Apache ActiveMQ Client, Apache CXF, Apache CXF Fediz, Apache Tomcat, Apache Tomcat Connectors, Apache Tomcat JK ISAPI Connector, Apache Tomcat JK Web Server Connector, Apache Tomcat Native, Apache Tomcat Native Connector, Apache Tomcat Security Manager, Apache Tomcat Servlet Engine, Avaya Aura Application Server 5300, Avaya IP Office Application Server, BEA BEA WebLogic Portal, BEA WebLogic, BEA Weblogic, BEA Weblogic Integration, BEA WebLogic Mobility Server, BEA WebLogic Portal, BEA WebLogic Server, bea WebLogic Server, BEA WebLogic Workshop, BEA Weblogic Workshop, BEA Systems WebLogic, BEA Systems WebLogic Server, Bradford CampusManager Network Control Application Server, Cisco BroadWorks Application Server, Deploy WebLogic Plugin, Digital Creations Zope, Fujitsu Interstage Application Server, Fujitsu Interstage Application Server Plus, Fujitsu Interstage Application Server Standard J, GlassFish Enterprise Server, GNU WildFly, Hitachi Application Server Help, Hitachi Cosminexus Application Server, Hitachi Ucosminexus Application Server Standard, HP Application Server, Hyland OnBase, Hyland Onbase Application Server, IBM App Connect, IBM Content Template Catalog, IBM Integration Bus, IBM Liberty, IBM Repository, IBM WebSphere, IBM WebSphere Application Liberty, IBM WebSphere Application Server, ibm WebSphere Application Server, IBM WebSphere Application Server Liberty, IBM WebSphere Application Server ND, IBM WebSphere Business Events, IBM WebSphere Business Modeler, IBM Websphere Caching Proxy Server, IBM WebSphere Cast Iron, IBM WebSphere Cast Iron Cloud Integration, IBM WebSphere Commerce, IBM WebSphere Commerce Enterprise, IBM WebSphere Commerce Suite, IBM Websphere Commerce Suite, IBM WebSphere Dashboard Framework, IBM WebSphere DataPower, IBM WebSphere DataPower Appliance, IBM Websphere Datapower Datapower Integration Appliance Xi50, IBM Websphere Datapower Soa Appliance, IBM WebSphere 
DataPower XC10, IBM WebSphere DataPower XC10 appliance, IBM Websphere Datapower Xc10 Appliance, IBM WebSphere DataPower XML Security Gateway XS40, IBM WebSphere Edge Server, IBM WebSphere eXtreme Scale, IBM WebSphere eXtreme Scale Client, IBM WebSphere Host On-Demand, IBM WebSphere ILOG JRules, IBM WebSphere ILOG Rule Team Server, IBM WebSphere Message, IBM WebSphere Message Broker, IBM WebSphere Message Broker SOAP FLOWS, IBM WebSphere Message Broker Toolkit, IBM WebSphere MQ, IBM WebSphere MQIPT, IBM Websphere MQ Explorer, IBM WebSphere MQ Internet Pass-Thru, IBM Websphere Mq Internet Pass Thru, IBM WebSphere MQ Light, IBM WebSphere Partner Gateway, IBM WebSphere Plugin, IBM WebSphere Portal, IBM WebSphere Process Server, IBM WebSphere Real Time, IBM WebSphere Service Registry, IBM WebSphere Transformation Extender, IBM WebSphere Virtual Enterprise, Invensys Wonderware Application Server, JBoss, JBOSS, jboss-remoting, JBoss AeroGear, JBoss BRMS, JBoss Enterprise Application Platform, JBoss Expressions, JBoss IronJacamar, JBoss jbossas, JBoss JBoss Application Server, JBoss JBoss Enterprise, JBoss jBPM, JBoss KeyCloak, JBoss Management Console, JBoss RichFaces, jboss seam, JBoss Web Console, JBossWeb Bayeux, JBoss AS 7 Community Release, JBoss KeyCloak, JBoss Operations Network, Jenkins Deploy WebLogic Plugin, Jens Vagelpohl zope-ldapuserfolder, Macromedia Application Server, Metasys Data Server, Metasys Extended Application, Metasys LonWorks Control Server, Metasys Network Automation Engine, Metasys Network Integration Engine, Metasys Open Application Server, Metasys Open Data Server, Metasys Smoke Control Network Automation Engine, Metasys System Configuration Tool, Mozilla Durian Web Application Server, MultiXTpm Application Server, Netweblogic Events Manager, Netweblogic Login With Ajax, Oracle 9i Application Server, Oracle Application Server, Oracle Application Server 9i, Oracle Application Server 10g, Oracle Application Server Discussion Forum Portlet, 
Oracle Application Server Portal, Oracle Application Server Web Cache, Oracle BEA Product Suite, Oracle Bea Product Suite, Oracle BEA WebLogic, Oracle BEA WebLogic Portal, Oracle Converged Application Server, Oracle Converged Application Server - Service Controller, Oracle Database Server, Oracle GlassFish Communications Server, Oracle GlassFish Enterprise Server, Oracle GlassFish Open Source Edition, Oracle GlassFish Server, Oracle GlassFish Server Open Source Edition, Oracle Glassfish Web Space Server10.0, Oracle Internet Application Server, Oracle Java System Application Server, Oracle Oracle9i Application Server, Oracle Oracle Application Server, Oracle Retail Predictive Application Server, Oracle WebLogic, Oracle WebLogic Portal, Oracle WebLogic Server, Oracle Weblogic Server Component, Oracle Weblogic Server Proxy Plug-in, Oracle WebLogic Server Proxy Plug-In, Oracle WebLogic Workshop, Orion Application Server, Orion%02 Application Server, Parallels Remote Application Server, Plone, Red Hat Application Platforms, Red Hat JBoss, Red Hat Jboss, Red Hat jboss-client, Red Hat jboss-remoting, Red Hat JBossWeb, Red Hat JBoss A-MQ, Red Hat JBoss Application Server, Red Hat JBoss BPMS, Red Hat JBoss BPM Suite, Red Hat JBoss BRMS, Red Hat JBoss Core Services httpd, Red Hat JBoss Data Grid, Red Hat JBoss EAP, Red Hat JBoss Enterprise, Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Enterprise BRMS Platform, Red Hat JBoss Enterprise Portal Platform, Red Hat Jboss Enterprise Soa Platform, Red Hat JBoss Enterprise SOA Platform, Red Hat Jboss Enterprise Web, Red Hat JBoss Fuse, Red Hat Jboss Fuse Esb Enterprise, Red Hat JBoss Operations Network, Red Hat JBoss Portal, Red Hat JBoss Remoting, Red Hat JBoss Web Framework Kit, Red Hat JBoss WildFly Application Server, Red Hat WildFly, Red Hat Wildfly Elytron, SAP ABAP Application Server, SAP ABAP Platform, SAP Application Server ABAP, SAP Application Server Java, SAP ENGINEAPI, SAP HANA Database, SAP Internet 
Graphics Server, SAP Netweaver ABAP Application Server, SAP NetWeaver Application Server, SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server for ABAP, SAP NetWeaver Application Server for Java, SAP NetWeaver Application Server Java, SAP NetWeaver Application Server Java Web Container, SAP NetWeaver for Java Application Server, SAP Netweaver Java Application Server, SAP SAP-JEECOR, SAP SAP Content Server, SAP Web Application Server, SAP Web Dispatcher, SAP Web Dynpro for ABAP, SAP Web Dynpro for BSP, Seagull J Walk Application Server, Siemens SPPA-T3000 Application Server, Sun Application Server, Sun Java System Application Server, Sun Java System Web, Sun One Application Server, Sun ONE Application Server, Tmax Soft JEUS Web Application Server, Weblogicnet, WebLogic Server, Wildfly, WildFly, wildfly-core, WildFly Elytron, Wildfly Elytron, WildFly OpenSSL, Wildfly Security Manager, WildFly Deployer Plugin, Wildfly Elytron, WiTango Application Server, Xerces JBoss, Zope, Zope AccessControl, Zope Products.CMFCore, Zope Products.PluggableAuthService, Zope Web Application Server, Zope ZODB, Zulip Chat Application Server
2255 more entries are not shown