Cloud Software Vulnerabilities
The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.
Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.
|Oracle Communications Diameter Signaling Router||44|
|Oracle Communications Policy Management||40|
Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.
Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.
Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.
The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.
To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.
Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.
Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.
The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.
The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.
The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.
The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.
A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.
Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.
There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.
The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.
The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.
Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.
Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.
Affected Products (593): A-Member, A-Member for MT Cloud, A-Reserve, A-Reserve for MT Cloud, Adobe Creative Cloud, Adobe Creative Cloud Desktop, Adobe Creative Cloud Desktop Application, Akamai CloudTest, Alcatel-Lucent 8008 Cloud Edition Deskphone, Amazon AWS CloudFormation Bootstrap Tools, Amazon AWS CloudFront, Annex Cloud Loyalty Experience Platform, AnyShare Cloud, Apache CloudStack, Apache libcloud, Apache Libcloud, Apple iCloud, Apple iClouds, Arista CloudEOS, Arista CloudVision eXchange Server, Arista CloudVision Portal, Arista Cloud EOS VM vEOS, Arista EOS, asyncapi java-spring-cloud-stream-template, Axios Italia Axioscloud Sissiweb Registro Elettronico, Big Switch Big Cloud Fabric, Big Switch Big Monitoring Fabric, Big Switch Multi-Cloud Director, CA Cloud Service Management, CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP, Cdsincdesign Simple Dropbox Upload Form, Cisco Application Policy Infrastructure Controller, Cisco CloudCenter Orchestrator, Cisco Cloud Application Policy Infrastructure Controller, Cisco Cloud Portal, Cisco Cloud Services Platform 2100, Cisco Intercloud Fabric, Cisco Intercloud Fabric for Business, Cisco Intercloud Fabric for Providers, Cisco Nexus 1000V InterCloud for VMware, cloud-init, Cloud4Wi, cloudacl Safe Browser - The Web Filter, CloudAvid PParam, CloudBees Directory, CloudBees Enterprise, CloudBoot, CloudCTI HIP Integrator Recognition Configuration Tool, Cloudera CDH, Cloudera Data Engineering, Cloudera Data Science Workbench, Cloudera Hue, Cloudera HUE, Cloudera Key Trustee Server, Cloudera Manager, Cloudera Manager UI, Cloudera Navigator, Cloudera Navigator Key Trustee KMS, Cloudera Search, cloudflare-scrape, Cloudflare OctoRPKI, Cloudflare WARP, cloudflared, CloudForms, Cloudforms, CloudForms Management Engine, CloudMe, CloudNine Interactive Links Manager, Cloudron, Cloudtoken, CloudView NMS, CloudVision Portal, Cloudwords for Multilingual Module, cloudwu cstring, cloudwu PBC, Cloud Foundry, Cloud Foundry BOSH, Cloud Foundry BOSH Azure CPI, Cloud Foundry BOSH System Metrics Server, Cloud Foundry CAPI, Cloud Foundry CF Networking Release, Cloud Foundry Cloud Controller, Cloud Foundry Cloud Controller API, Cloud Foundry CredHub CLI, Cloud Foundry Diego, Cloud Foundry Foundation UAA, Cloud Foundry Garden-runC, Cloud Foundry Loggregator, Cloud Foundry Log Cache, Cloud Foundry NFS Volume Service, Cloud Foundry Runtime, Cloud Foundry SMB Volume, Cloud Foundry UAA, Cloud Foundry UAA Server, Cloud Foundry Bits Service, Cloud Foundry BOSH, Cloud Foundry BOSH CLI, Cloud Foundry cf-deployment, Cloud Foundry CLI, Cloud Foundry Cloud Controller, Cloud Foundry CredHub, Cloud Foundry Garden-runC, Cloud Foundry NFS Volume, Cloud Foundry Plugin, Cloud Foundry Routing, Cloud Foundry Silk CNI Plugin, Cloud Foundry Stratos, Cloud Foundry UAA, Cloud Media Popcorn A-200, Cloud Native Computing Foundation Harbor, Cloud Server, Cloud Statistics Plugin, CodeLathe FileCloud, Cool Tag Cloud Plugin, Creative Cloud Desktop Application, CTERA Cloud Storage OS, Cubettechnologies Cloud Manager, Daumcorp Daum Cloud, Dell EMC CloudLink, Dell EMC Integrated System for Microsoft Azure Stack Hub, Deskpro Cloud, Deskpro Cloud Platform, Deskpro On-Premise, DigitalCloudToken, Directory Cloud Station, Documentcloud karteek-docsplit, dropbox, Dropbox App, Dropbox Desktop App, Dropbox SDK, Dropbox Lepton, Elastic Cloud Enterprise, Elasticsearch Elastic Cloud Enterprise, Elastic Cloud Enterprise, Elastic Runtime, Electric Cloud ElectricCommander, EMC Cloud Tiering Appliance Software, EMC Cloud Tiering Appliance Virtual Edition, EMC Elastic Cloud Storage, Enghouse Cloud Contact Center Platform, F-Secure Cloud Protection For Salesforce, F-Secure Email, F-Secure Internet GateKeeper, F-Secure Server Security, F5 BIG-IQ Cloud, F5 Security, Fabasoft Cloud, Firebase Cloud Messaging + Advance Admin Panel, FusionSphere OpenStack, geniuscloud Smart Browser, Gocloud ISP3000, Gocloud S2A, Gocloud S2A_WL, Gocloud S3A, Gocloud S3A K2P MTK, Google Cloud Platform guest-oslogin, Google Cloud Messaging Notification Plugin, granita Cloud Browser, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, H3C H3Cloud OS, Hangzhou Xiongmai XMeye P2P Cloud Server, HP Helion Cloud Development Platform, HP MagCloud, HPE Cloudline CL3100 Gen10 Server, HPE Cloudline CL4100 Gen10 Server, HPE Cloudline CL5200 Gen9 Server, HPE Cloudline CL5800 Gen9 Server, HPE Cloudline CL5800 Gen10 Server, HPE Cloud Optimizer, HPE Helion OpenStack Glance, Huawei AC6005, Huawei AC6605, Huawei AR200, Huawei AR1200, Huawei AR3200, Huawei CloudEngine, Huawei CloudEngine8800, Huawei CloudEngine 1800V, Huawei CloudEngine 5800, Huawei CloudEngine 6800, Huawei CloudEngine 7800, Huawei CloudEngine 8800, Huawei CloudEngine 12800, Huawei CloudLink Phone 7900, Huawei CloudUSM-EUA, Huawei E600, Huawei FusionSphere OpenStack, Huawei MyCloud APP, Huawei Public Cloud Solution, Huawei S1700, Huawei S2300, Huawei S2700, Huawei S5300, Huawei S5700, Huawei S6300, Huawei S6700, Huawei S7700, Huawei S9300, Huawei S9700, Huawei S12700, Huawei Secospace USG6600, Huawei CloudEngine 7800, Ian Bezanson DropBox, IBM Aspera Cloud, IBM Cloudscape, IBM Cloud APM, IBM Cloud Application Performance Management, IBM Cloud App Management, IBM Cloud CLI, IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM Cloud Pak for Applications, IBM Cloud Pak for Data, IBM Cloud Pak for Multicloud Management, IBM Cloud Pak for Multicloud Management Monitoring, IBM Cloud Pak for Security, IBM Cloud Pak System, IBM Cloud Private, IBM Kenexa LCMS Premier on Cloud, IBM Kenexa LMS on Cloud, IBM MQ Advanced Cloud Pak, IBM Multi-Cloud Data Encryption, IBM Multicloud Manager, IBM SmartCloud Analytics, IBM SmartCloud Analytics Log Analysis, IBM SmartCloud Control Desk, IBM SmartCloud Provisioning, IBM Watson Developer Cloud, IBM Application Security on Cloud Plugin, ICloudCenter ICJobSite, ICloudCenter ICTimeAttendance, Intel Expressway Cloud Access 360, Intel Security CloudAV, Intel Unite Cloud Service Client, Intelbras NCLOUD 300, Ivanti EPM Cloud Services Appliance, Juniper Mist Cloud UI, Juniper Networks Contrail Cloud, Kaspersky Internet Security, Kaspersky Secure Connection, Kaspersky Security Cloud, Kaspersky Total Security, Lenovo Cloud Networking Operating System, LiveCRM SaaS Cloud Component, Maxthon Cloud Browser, McAfee Cloud Single Sign On, McAfee ePO Cloud, metago ASTRO File Manager with Cloud, Microsoft Azure Active Directory, Microsoft Azure Active Directory Connect, Microsoft Azure Active Directory Passport, Microsoft Azure AD Connect, Microsoft Azure App Service, Microsoft Azure Automation, Microsoft Azure Container Instance, Microsoft Azure CycleCloud, Microsoft Azure DevOps Server, Microsoft Azure Functions, Microsoft Azure IoT CLI Extension, Microsoft Azure IoT Edge, Microsoft Azure IoT SDK, Microsoft Azure Kubernetes Service, Microsoft Azure Linux Guest Agent, Microsoft Azure Migrate, Microsoft Azure Open Management Infrastructure, Microsoft Azure Pack Rollup, Microsoft Azure RTOS, Microsoft Azure SDK for Java, Microsoft Azure Service Fabric, Microsoft Azure Site Recovery, Microsoft Azure Sphere, Microsoft Azure Spring Cloud, Microsoft Azure SSH Keypairs, Microsoft Azure Stack, Microsoft Hub Device Client SDK for Azure IoT, Microsoft OneDrive, Mightymess SoundCloud Is Gold, Mitel MiCloud Management Portal, Musicloud, NAVER Cloud Explorer, NetApp Cloud Manager, NetEase NetEase CloudAlbum, Netgear Insight Cloud, Netsparker Cloud Scan Plugin, Nextcloud, NextCloud, Nextcloud App Extract, Nextcloud Circle, Nextcloud Circles, Nextcloud Contacts, Nextcloud Deck, Nextcloud Desktop Client, Nextcloud End-to-End Encryption, Nextcloud Lookup-Server, Nextcloud Mail, Nextcloud Mail Application, Nextcloud OfficeOnline, Nextcloud Preferred Providers App, Nextcloud Richdocuments, Nextcloud Server, Nextcloud Social, Nextcloud Social App, Nextcloud Talk, Nextcloud Text, NextCloud Mail, NextCloud Preferred Providers App, Nextcloud Server, NoMachine Cloud Server, Novell Cloud Manager, Novell SUSE Cloud, No Magic TeamworkCloud, Okacloud Domain Name Search , Okacloud Web Host, OnCommand Cloud Manager, OpenStack, openstack-cinder, openstack-ironic-inspector, openstack-mistral, openstack-neutron, openstack-tripleo-heat-templates, openstack-tripleo-image-elements, openstack-utils, OpenStack blazar-dashboard, OpenStack Ceilometer, OpenStack Cinder, OpenStack Compute, OpenStack Compute (Nova), OpenStack Dashboard, OpenStack Delivery Service, OpenStack Designate, OpenStack devstack, OpenStack Diablo, OpenStack Essex, OpenStack Folsom, OpenStack Glance, OpenStack Grizzly, OpenStack Havana, OpenStack Heat, OpenStack Horizon, OpenStack horizon, OpenStack icehouse, OpenStack Identity, OpenStack Image Registry, OpenStack Image Registry And Delivery Service, OpenStack Image Registry And Delivery Service (glance), OpenStack Image Service, OpenStack Ironic, OpenStack Ironic Inspector, OpenStack Keystone, OpenStack keystonemiddleware, OpenStack Keystone Folsom, OpenStack Manila, OpenStack Murano, openstack neutron, OpenStack Neutron, OpenStack Newton, OpenStack Nova, Openstack Nova, OpenStack Nova-LXD, OpenStack Object Storage, OpenStack Ocata, OpenStack OpenStack Keystone, OpenStack Orchestration, OpenStack os-vif, OpenStack Puppet Module for Gerrit, OpenStack PyCADF, OpenStack python-keystoneclient, OpenStack rabbitmq, OpenStack Swauth, OpenStack swift, OpenStack Swift, OpenStack Swift-on-File, OpenStack Trove, OpenStack Workflow, Openstack Cloud Plugin, OpenStack Compute, OpenStack Dashboard Package, Openstack Deployment, OpenStack Horizon, OpenStack Identity, OpenStack Keystone, OpenStack Magnum, OpenStack Mistral, OpenStack Neutron, OpenStack Nova, OpenStack Octavia, Oracle CloudForms Management Engine, Oracle Cloud Infrastructure Data Science Notebook Sessions, Oracle Cloud Infrastructure Storage Gateway, Oracle Cloud Services, Oracle Communications, Oracle Communications Analytics, Oracle Communications Application Session Controller, Oracle Communications ASAP, Oracle Communications ASAP Cartridges, Oracle Communications Billing, Oracle Communications Billing and Revenue Management, Oracle Communications BRM, Oracle Communications BRM - Elastic Charging Engine, Oracle Communications BRM Elastic Charging Engine, Oracle Communications Calendar Server, Oracle Communications Cloud Native Core Console, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Policy, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Communications Cloud Native Core Service Communication Proxy, Oracle Communications Cloud Native Core Unified Data Repository, Oracle Communications Contacts Server, Oracle Communications Control Plane Monitor, Oracle Communications Converged Application Server, Oracle Communications Converged Application Server - Service Controller, Oracle Communications Converged Application Server Service Controller, Oracle Communications Convergence, Oracle Communications Convergent Charging Controller, Oracle Communications Core Session Manager, Oracle Communications Design Studio, Oracle Communications Diameter Signaling Router, Oracle Communications Diameter Signaling Router (DSR), Oracle Communications EAGLE Application Processor, Oracle Communications EAGLE FTP Table Base Retrieval, Oracle Communications EAGLE LNP Application Processor, Oracle Communications EAGLE Software, Oracle Communications Element Manager, Oracle Communications Evolved Communications Application Server, Oracle Communications Fraud Monitor, Oracle Communications Instant Messaging Server, Oracle Communications Interactive Session Recorder, Oracle Communications IP Service Activator, Oracle Communications LSMS, Oracle Communications Messaging Server, Oracle Communications MetaSolv Solution, Oracle Communications Network Charging, Oracle Communications Network Charging and Control, Oracle Communications Network Integrity, Oracle Communications Network Intelligence, Oracle Communications Offline Mediation Controller, Oracle Communications Online Mediation Controller, Oracle Communications Operations Monitor, Oracle Communications Order, Oracle Communications Performance Intelligence Center (PIC) Software, Oracle Communications Performance Intelligence Center Software, Oracle Communications Policy Management, Oracle Communications Pricing Design Center, Oracle Communications Security Gateway, Oracle Communications Services Gatekeeper, Oracle Communications Service Broker, Oracle Communications Service Broker Engineered System Edition, Oracle Communications Session Border Controller, Oracle Communications Session Report Manager, Oracle Communications Session Router, Oracle Communications Session Route Manager, Oracle Communications Subscriber-Aware Load Balancer, Oracle Communications Tekelec HLR Router, Oracle Communications Unified, Oracle Communications Unified Inventory Management, Oracle Communications Unified Session Manager, Oracle Communications User Data Repository, Oracle Communications WebRTC Session Controller, Oracle Control, Oracle Retail Insights Cloud Service Suite, Oracle Retail Order Broker Cloud Service, Oracle Retail Order Management System Cloud Service, Oracle Revenue Management, Oracle Right Now Service Cloud, Oracle Service Management, Oracle Storage Cloud Software Appliance, Oracle Cloud Infrastructure Compute Classic Plugin, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Integrator for Microsoft Azure, OSIsoft PI Integrator for SAP HANA, ownCloud, ownCloud Desktop Client, ownCloud Server, ownCloud user_ldap, ownCloud Windows Client, ownCloud Client, ownCloud Desktop, ownCloud Server, Palo Alto Prisma Cloud Compute, Palo Alto VM Series Firewall for Microsoft Azure, pivotal-cf Spring Cloud SSO Connector, Pivotal Cloud Cache, Pivotal Cloud Foundry, Pivotal Cloud Foundry Elastic Runtime, Pivotal Cloud Foundry Ops Manager, Pivotal Cloud Foundry Runtime, Pivotal Cloud Foundry On Demand Services SDK, Polycom RealPresence CloudAXIS Suite, QNAP myQNAPcloud Connect, Quali CloudShell, Red Hat Cloudforms, Red Hat CloudForms, Red Hat CloudForms 2 Management Engine, Red Hat Cloudforms 3.0 Management Engine, Red Hat CloudForms 3.0 Management Engine, Red Hat CloudForms 3.1 Management Engine, Red Hat CloudForms Cloud Engine, Red Hat CloudForms Management Engine, Red Hat openstack, Red Hat OpenStack, Red Hat Openstack, Red Hat openstack-neutron, Red Hat openstack-octavia, Red Hat Openstack Enterprise, Red Hat Openstack Folsom, Red Hat OpenStack Platform, Red Hat OpenStack Platform Director, Red Hat QuickStart Cloud Installer, RiyaLab CloudISO, Samsung Cloud, SAP Cloud Connector, SAP Cloud Platform, SAP Commerce Cloud, SAP sap-cloud-sdk, SCORM Cloud Plugin, Seagate Personal Cloud, Skytap Cloud CI Plugin, SoftNAS Cloud, somcloud Somnote - Journal-Memo, Spring Cloud Netflix, Spring Cloud Config, Supra Smart Cloud TV, SuSE Openstack Cloud, SuSE OpenStack Cloud Crowbar, Synology Cloud Station, Synology Cloud Station Drive, Synology QTS, Synology QuTScloud, Synology QuTS Hero, Telekom Open Cloud SSO, Teradici Cloud Access Connector, Teradici Cloud Access Connector Legacy, TP-LINK Cloud Camera, Trove Barclamp, Umbraco Cloud, UniFi Cloud Key, VeloCloud Orchestrator, Veritas CloudPoint, VMware Carbon Black Cloud Workload Appliance, VMware Cloud Director, Vmware macOS Sensor for VMware Carbon Black Cloud, Vmware Spring Cloud Data Flow, VMware Spring Cloud Gateway, VMware Spring Cloud Netflix Zuul, VMware Spring Cloud OpenFeign, Vmware Spring Cloud Task, VMware vCloud Director, VMware vCloud Director for Service Providers, VMware vRealize Business for Cloud, wdc WD My Cloud, Webroot BrightCloud SDK, Western Digital DL2100, Western Digital DL4100, Western Digital EX2 Ultra, Western Digital EX2100, Western Digital EX4100, Western Digital ibi, Western Digital Mirror Gen2, Western Digital mycloud.com, Western Digital MyCloud NAS, Western Digital MyCloud PR4100, Western Digital My Cloud, Western Digital My Cloud Cloud, Western Digital My Cloud DL2100, Western Digital My Cloud DL4100, Western Digital My Cloud EX2 Ultra, Western Digital My Cloud EX2100, Western Digital My Cloud EX4100, Western Digital My Cloud Home, Western Digital My Cloud Mirror Gen2, Western Digital My Cloud NAS, Western Digital My Cloud OS, Western Digital My Cloud PR2100, Western Digital My Cloud PR4100, Western Digital PR2100, Western Digital PR4100, Western Digital WD My Cloud, Western Digital WD My Cloud Mirror, Ypsomed mylife Cloud, Ypsomed mylife Mobile Application, Zoho ManageEngine Cloud Security Plus, ZOOM Cloud Meetings, ZTE ZXCLOUD GoldenData VAP, ZTE ZXCLOUD iRAI, ZXCLOUD iRAI, ZyXEL CloudCNM SecuManager
2418 more entries are not shown
Interested in the pricing of exploits?
See the underground prices here!