Sector: Pharma

Timeframe: -28 days

Default Categories (88): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Automation Software, Backup Software, Big Data Software, Billing Software, Bug Tracking Software, Business Process Management Software, Calendar Software, Chat Software, Chip Software, Cloud Software, Communications System, Connectivity Software, Continuous Integration Software, Customer Relationship Management System, Data Loss Prevention Software, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Domain Name Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Health Information Software, Human Capital Management Software, Image Processing Software, Information Management Software, IP Phone Software, Log Management Software, Mail Client Software, Mail Server Software, Medical Device Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Policy Management Software, Presentation Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Project Management Software, Remote Access Software, Reporting Software, Risk Management System, Router Operating System, SCADA Software, Security Testing Software, Server Management Software, Service Management Software, Software Library, Software Management Software, Solution Stack Software, Spreadsheet Software, SSH Server Software, Supplier Relationship Management Software, Supply Chain Management Software, 
Testing Software, Ticket Tracking Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Warehouse Management System Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Microsoft Windows: 56
Cups Easy: 38
Linux Kernel: 32
Intel Thunderbolt DCH Drivers: 16
QNAP QTS: 16

Remediation

Official Fix: 452
Temporary Fix: 0
Workaround: 6
Unavailable: 0
Not Defined: 212

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 32
Unproven: 60
Not Defined: 578

Access Vector

Not Defined: 0
Physical: 0
Local: 134
Adjacent: 140
Network: 396

Authentication

Not Defined: 0
High: 84
Low: 298
None: 288

User Interaction

Not Defined: 0
Required: 212
None: 458

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 10
≤4: 78
≤5: 152
≤6: 164
≤7: 118
≤8: 96
≤9: 42
≤10: 10

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 14
≤4: 94
≤5: 150
≤6: 184
≤7: 108
≤8: 94
≤9: 16
≤10: 10

VulDB

≤1: 0
≤2: 0
≤3: 26
≤4: 142
≤5: 156
≤6: 116
≤7: 98
≤8: 96
≤9: 26
≤10: 10

NVD

≤1: 628
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 2
≤7: 10
≤8: 16
≤9: 6
≤10: 6

CNA

≤1: 330
≤2: 0
≤3: 0
≤4: 18
≤5: 42
≤6: 58
≤7: 66
≤8: 106
≤9: 22
≤10: 28

Vendor

≤1: 608
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 6
≤7: 6
≤8: 26
≤9: 20
≤10: 2

Exploit 0-day

<1k: 56
<2k: 256
<5k: 74
<10k: 114
<25k: 100
<50k: 46
<100k: 24
≥100k: 0

Exploit Today

<1k: 322
<2k: 126
<5k: 108
<10k: 56
<25k: 58
<50k: 0
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 742
ja: 80
fr: 78
de: 30
ko: 16

Country

us: 188
jp: 114
fr: 84
de: 48
il: 30

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 24
Adobe Acrobat 2020: 16
Adobe Acrobat Reader 2020: 16
Adobe Acrobat DC: 16
Adobe Acrobat Reader DC: 16

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Exchange Server Remote Code Execution | 9.8 | 9.1 | $25k-$100k | $5k-$25k | Functional | Official Fix | 4.21 | 0.00091 | CVE-2024-21410 |
| 2 | ESET NOD32 Antivirus privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.32 | 0.00043 | CVE-2024-0353 |
| 3 | Microsoft Office Outlook Remote Code Execution | 8.5 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 2.11 | 0.00091 | CVE-2024-21413 |
| 4 | Fortinet FortiOS SSL-VPN memory corruption | 9.8 | 9.4 | $25k-$100k | $5k-$25k | High | Official Fix | 1.17 | 0.01000 | CVE-2024-21762 |
| 5 | Supabase PostgreSQL query SQL injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.62 | 0.00045 | CVE-2024-24213 |
| 6 | Project Worlds Online Admission System documents.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.36 | 0.00069 | CVE-2024-0783 |
| 7 | IBM DB2/DB2 Connect Server Query denial of service | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.32 | 0.00044 | CVE-2023-47747 |
| 8 | IBM DB2/DB2 Connect Server Query denial of service | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.30 | 0.00044 | CVE-2023-47141 |
| 9 | NPM IP Package isPublic information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.12 | 0.00106 | CVE-2023-42282 |
| 10 | IBM DB2/DB2 Connect Server Query denial of service | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.28 | 0.00044 | CVE-2023-47746 |
| 11 | PostgreSQL Privilege Escalation | 8.0 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.49 | 0.00043 | CVE-2024-0985 |
| 12 | Linux Kernel EXT4 File System super.c __ext4_remount memory corruption | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.30 | 0.00042 | CVE-2024-0775 |
| 13 | D-Link DIR-859 HTTP POST Request hedwig.cgi directory traversal | 7.6 | 7.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.56 | 0.00161 | CVE-2024-0769 |
| 14 | CloudLinux CageFS Authentication Token Local Privilege Escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | 0.00045 | CVE-2020-36771 |
| 15 | IBM DB2/DB2 Connect Server Query denial of service | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.24 | 0.00044 | CVE-2023-47158 |
| 16 | darkhttpd Process Argument information disclosure | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | 0.00042 | CVE-2024-23770 |
| 17 | IBM DB2/DB2 Connect Server Cursor denial of service | 5.7 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.24 | 0.00044 | CVE-2023-45193 |
| 18 | F5 NGINX Plus/NGINX Open Source QUIC Module denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.71 | 0.00043 | CVE-2024-24989 |
| 19 | GNU C Library __vsyslog_internal memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.32 | 0.00232 | CVE-2023-6246 |
| 20 | Microsoft Windows Printing Service unknown vulnerability | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.40 | 0.00048 | CVE-2024-21406 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 5.255.124.0/24 | IcedID | predictive | High |
| 2 | 13.113.172.0/24 | Cobalt Strike | predictive | High |

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-25 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-271, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | predictive | High |

IOA - Indicator of Attack (145)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cache | predictive | Low |
| 2 | File | /cgi-bin/GetJsonValue.cgi | predictive | High |
| 3 | File | /Cinema-Reservation/booking.php | predictive | High |
| 4 | File | /cupseasylive/companymodify.php | predictive | High |
| 5 | File | /cupseasylive/costcentercreate.php | predictive | High |
| 6 | File | /cupseasylive/costcentermodify.php | predictive | High |
| 7 | File | /cupseasylive/countrycreate.php | predictive | High |
| 8 | File | /cupseasylive/countrylist.php | predictive | High |
| 9 | File | /cupseasylive/countrymodify.php | predictive | High |
| 10 | File | /cupseasylive/currencycreate.php | predictive | High |
| 11 | File | /cupseasylive/currencylist.php | predictive | High |
| 12 | File | /cupseasylive/currencymodify.php | predictive | High |
| 13 | File | /cupseasylive/grncreate.php | predictive | High |
| 14 | File | /cupseasylive/grndisplay.php | predictive | High |
| 15 | File | /cupseasylive/grnlinecreate.php | predictive | High |
| 16 | File | /cupseasylive/grnlist.php | predictive | High |
| 17 | File | /cupseasylive/grnmodify.php | predictive | High |
| 18 | File | /cupseasylive/grnprint.php | predictive | High |
