Sektor Government

Timeframe: -28 days

Default Categories (63): Access Management Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Automation Software, Backup Software, Billing Software, Calendar Software, Cloud Software, Communications System, Connectivity Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, File Compression Software, File Transfer Software, Financial Software, Firewall Software, Groupware Software, Hardware Driver Software, Information Management Software, IP Phone Software, Knowledge Base Software, Log Management Software, Mail Server Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Policy Management Software, Presentation Software, Printing Software, Product Lifecycle Management Software, Project Management Software, Remote Access Software, Reporting Software, Router Operating System, Security Testing Software, Server Management Software, Service Management Software, Software Library, Software Management Software, Spreadsheet Software, SSH Server Software, Supply Chain Management Software, Ticket Tracking Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Oś czasu

Sprzedawca

Oracle212
Not Defined54
Linux20
Apple20
IBM20

Produkt

Oracle MySQL Server38
Linux Kernel20
Oracle WebLogic Server18
Apple macOS18
Adobe Acrobat Reader16

Przeciwdziałanie

Official Fix426
Temporary Fix0
Workaround2
Unavailable0
Not Defined74

Wykorzystywanie

High0
Functional0
Proof-of-Concept22
Unproven0
Not Defined480

Wektor dostępu

Not Defined0
Physical2
Local28
Adjacent80
Network392

Uwierzytelnianie

Not Defined0
High70
Low162
None270

Interakcja z użytkownikiem

Not Defined0
Required126
None376

C3BM Index

CVSSv3 Base

≤10
≤22
≤314
≤446
≤590
≤682
≤796
≤8100
≤928
≤1044

CVSSv3 Temp

≤10
≤22
≤316
≤448
≤588
≤6122
≤764
≤894
≤924
≤1044

VulDB

≤10
≤22
≤322
≤452
≤590
≤678
≤778
≤8114
≤920
≤1046

NVD

≤1412
≤20
≤30
≤40
≤52
≤64
≤78
≤842
≤92
≤1032

CNA

≤1376
≤20
≤30
≤42
≤524
≤624
≤710
≤852
≤98
≤106

Sprzedawca

≤1498
≤20
≤30
≤40
≤52
≤60
≤70
≤80
≤92
≤100

Exploit 0-day

<1k30
<2k80
<5k18
<10k112
<25k198
<50k18
<100k46
≥100k0

Wykorzystaj dzisiaj

<1k126
<2k106
<5k132
<10k58
<25k66
<50k14
<100k0
≥100k0

Wykorzystaj wielkość rynku

IOB - Indicator of Behavior (1000)

Oś czasu

Język

en966
ja10
de4
zh4
pl4

Kraj

us196
hu60
it60
jp10
ch8

Aktorzy

Mustang Panda1
TrickBot1
Conti1
BazarLoader1
Carbanak1

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Cloud Software110
Router Operating System12
Web Browser6
Financial Software4
Software Library4

Sprzedawca

Oracle112
D-Link12
Not Defined6
fanzila4
GNU4

Produkt

Oracle Communications Cloud Native Core Binding Su ...20
D-Link DIR-605L12
Oracle Communications Cloud Native Core Policy10
Oracle Communications Cloud Native Core Unified Da ...10
Oracle Communications Diameter Signaling Router10

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzCTIEPSSCVE
1Microsoft Edge nieznana luka4.33.9$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix3.140.00000CVE-2023-21794
2Calendar Event Management System sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined1.630.00890CVE-2023-0675
3NREL api-umbrella-web Flash Message cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix1.220.00950CVE-2015-10072
4SiteFusion Application Server Extension getextension.php directory traversal3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix1.280.01018CVE-2016-15023
5Calendar Event Management System Login Page sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined1.110.00954CVE-2023-0663
6GNU C Library Call Graph Monitor gmon.c __monstartup memory corruption4.64.4$0-$5k$0-$5kNot DefinedOfficial Fix1.050.00950CVE-2023-0687
7fanzila WebFinance save_roles.php sql injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.990.00890CVE-2013-10017
8fanzila WebFinance save_taxes.php sql injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix1.000.00954CVE-2013-10016
9Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade information disclosure5.55.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.760.00950CVE-2022-24823
10fanzila WebFinance save_contact.php sql injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.840.01412CVE-2013-10018
11fanzila WebFinance save_Contract_Signer_Role.php sql injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix1.060.00954CVE-2013-10015
12Oracle Communications Cloud Native Core Network Function Cloud Native Environment Oracle Linux 8 denial of service7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.760.01108CVE-2022-0934
13Oracle Communications Cloud Native Core Console Configuration denial of service7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.700.00885CVE-2022-2053
14Oracle Communications Cloud Native Core Binding Support Function Policy privilege escalation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.670.00885CVE-2022-42252
15Oracle Communications Cloud Native Core Network Repository Function Installation denial of service6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.580.00885CVE-2022-38752
16Oracle Communications Diameter Signaling Router Virtual Network Function Manager race condition7.06.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.580.03090CVE-2022-3028
17Horner Automation Cscape Envision RV HMI File Parser memory corruption6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix1.46-0.00000CVE-2023-0622
18Horner Automation Cscape Envision RV HMI File memory corruption6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix1.46-0.00000CVE-2023-0623
19Oracle Communications Cloud Native Core Console Configuration denial of service6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.620.00954CVE-2022-3171
20Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.670.01537CVE-2022-31129

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

IDIP rangeAktorRodzajPewność siebie
165.19.141.0/24CarbanakpredictiveWysoki
2XX.XXX.XXX.X/XXXxxxxxxxpredictiveWysoki
3XXX.XX.XX.X/XXXxxxxxx XxxxxpredictiveWysoki
4XXX.XXX.XXX.X/XXXxxxxxxxxxpredictiveWysoki

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1006CWE-22, CWE-23Pathname TraversalpredictiveWysoki
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveWysoki
3T1059CWE-88, CWE-94, CWE-1321Cross Site ScriptingpredictiveWysoki
4T1059.007CWE-79Cross Site ScriptingpredictiveWysoki
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveWysoki
7TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveWysoki
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveWysoki
9TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveWysoki
10TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveWysoki
11TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveWysoki
12TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveWysoki
13TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki
14TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxx Xx X Xxxxxxxxxxx'x Xxxxx Xx XxxxxpredictiveWysoki
15TXXXX.XXXCWE-XXXXxxxxxxxxxxxpredictiveWysoki
16TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveWysoki
17TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
18TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveWysoki
19TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveWysoki
20TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveWysoki

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/api/v1/registration/validateEmailpredictiveWysoki
2File/CPEpredictiveNiski
3File/goform/formEasySetupWizard3predictiveWysoki
4File/goform/formLoginpredictiveWysoki
5File/goform/formSchedulepredictiveWysoki
6File/goform/formSetACLFilterpredictiveWysoki
7File/goform/formSetEmailpredictiveWysoki
8File/xxxxxx/xxxxxxxxxxxxpredictiveWysoki
9File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveWysoki
10File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveWysoki
11File/xxxxxx/xxxxxxxpredictiveWysoki
12File/xxx/xxxxxx/xxxxxxxxx/xxxx/xxxxxxxxxxxxpredictiveWysoki
13File/xxxxxxxx/xxxx.xxxx/xxxxxxxxxpredictiveWysoki
14File/xxxxxxxxxxxxxxxxxx/xxxxxxxxxpredictiveWysoki
15File/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxpredictiveWysoki
16File/xxxx/xxx/xxxxxxxxxxxpredictiveWysoki
17Filexxxx.xpredictiveNiski
18Filexxxxxx.xpredictiveMedium
19Filexxxxxxx/xxx/xxx-xxxxxxxx.xpredictiveWysoki
20Filexxxxxxx/xxx/xxxx/xxxx.xpredictiveWysoki
21Filexxxxxxxxxxxx.xxxpredictiveWysoki
22Filexxxx.xpredictiveNiski
23Filexxx_xxx.xpredictiveMedium
24Filexxxxxx/xxxxx/xxxx_xxxxxxxx_xxxxxx_xxxx.xxxpredictiveWysoki
25Filexxxxxx/xxxxx/xxxx_xxxxx.xxxpredictiveWysoki
26Filexxxxxx/xxxxx/xxxx_xxxxx.xxxpredictiveWysoki
27Filexxxxxx/xxxxxxxxxxx/xxxx_xxxxxxx.xxxpredictiveWysoki
28Filexx_xxxxx/xxxxxxxxx.xpredictiveWysoki
29Filexx_xxxxx/xxxx.xpredictiveWysoki
30Filexxx/xxxx/xxx.xpredictiveWysoki
31Filexxx/xxxxx/xxx_xxx.xpredictiveWysoki
32Filexxx_xxxxxxx.xpredictiveWysoki
33Filexxxxxx/xxxx.xxpredictiveWysoki
34Library/xxxx/xxxxx/xxx/xxxxxxx_xxx.xpredictiveWysoki
35Argumentxxxxxx.xxxx_xxxxx_xxxxxxxpredictiveWysoki
36ArgumentxxxxxxxpredictiveNiski
37ArgumentxxxxxxpredictiveNiski
38ArgumentxxxxxxxxpredictiveMedium
39ArgumentxxxxpredictiveNiski
40ArgumentxxpredictiveNiski
41Argumentxxxx_xxxxx_xxxxxxxxxxpredictiveWysoki
42Argumentx/xpredictiveNiski
43ArgumentxxxxpredictiveNiski
44Argumentxxxx/xxxpredictiveMedium
45Argumentxxx/xxxxxx/xxxxx/xxx/xxxxxx/xxxxxx/xxxxxxxx/xxxxpredictiveWysoki
46Argumentxx_xxxpredictiveNiski
47Argumentxxxxxxx.xxx_xxxxxxxxxxpredictiveWysoki
48ArgumentxxxxxxxpredictiveNiski
49Argumentxxxxx/xxxpredictiveMedium
50ArgumentxxxxxxxpredictiveNiski
51ArgumentxxxxpredictiveNiski
52ArgumentxxxxxxxxpredictiveMedium
53Argumentxxxxxxxx/xxxxxxxxpredictiveWysoki
54Argumentxxx_xxxxxxxxxpredictiveWysoki
55ArgumentxxxxxxxpredictiveNiski
PoprzedniPrzeglądKolejny

Want to stay up to date on a daily basis?

Enable the mail alert feature now!