Sector: Finance

Timeframe: -28 days

Default Categories (81): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Appointment Software, Asset Management Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Backup Software, Banking Software, Big Data Software, Billing Software, Bug Tracking Software, Business Process Management Software, Calendar Software, Cloud Software, Communications System, Connectivity Software, Continuous Integration Software, Customer Relationship Management System, Data Loss Prevention Software, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Domain Name Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Financial Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Human Capital Management Software, Information Management Software, IP Phone Software, JavaScript Library, Knowledge Base Software, Log Management Software, Mail Client Software, Mail Server Software, Middleware, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Policy Management Software, Presentation Software, Printing Software, Programming Language Software, Project Management Software, Remote Access Software, Reporting Software, Risk Management System, Router Operating System, Security Testing Software, Server Management Software, Service Management Software, Smartphone Operating System, Software Library, Software Management Software, Solution Stack Software, Spreadsheet Software, SSH Server Software, Ticket Tracking Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Product

Linux Kernel: 302
Microsoft Windows: 86
Foxit PDF Reader: 46
Juniper Junos OS: 30
Google Chrome: 26

Remediation

Official Fix: 740
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 144

Exploitability

High: 2
Functional: 0
Proof-of-Concept: 42
Unproven: 106
Not Defined: 736

Access Vector

Not Defined: 0
Physical: 10
Local: 152
Adjacent: 334
Network: 390

Authentication

Not Defined: 0
High: 76
Low: 508
None: 302

User Interaction

Not Defined: 0
Required: 202
None: 684

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 22
≤4: 56
≤5: 198
≤6: 270
≤7: 168
≤8: 130
≤9: 38
≤10: 4

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 22
≤4: 70
≤5: 192
≤6: 380
≤7: 118
≤8: 92
≤9: 8
≤10: 4

VulDB

≤1: 0
≤2: 2
≤3: 28
≤4: 84
≤5: 178
≤6: 266
≤7: 170
≤8: 120
≤9: 36
≤10: 2

NVD

≤1: 886
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 680
≤2: 0
≤3: 4
≤4: 4
≤5: 26
≤6: 44
≤7: 34
≤8: 72
≤9: 16
≤10: 6

Vendor

≤1: 778
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 12
≤7: 30
≤8: 42
≤9: 24
≤10: 0

Exploit 0-day

<1k: 32
<2k: 212
<5k: 24
<10k: 342
<25k: 154
<50k: 106
<100k: 16
≥100k: 0

Exploit Today

<1k: 316
<2k: 200
<5k: 180
<10k: 80
<25k: 108
<50k: 2
<100k: 0
≥100k: 0

IOB - Indicator of Behavior (1000)

Language

en: 640
de: 282
ja: 22
zh: 14
it: 12

Country

de: 252
us: 160
cn: 32
gb: 26
jp: 20

Product

Microsoft Windows: 24
Juniper Junos OS: 12
SourceCodester Online Library System: 10
Linux Kernel: 8
Juniper Junos OS Evolved: 6

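Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP proc_open privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 10.00 | CVE-2024-1874 |
| 2 | cym1102 nginxWebUI reload exec privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 4.96 | CVE-2024-3740 |
| 3 | PHP mb_encode_mimeheader denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 5.16 | CVE-2024-2757 |
| 4 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.02734 | 4.27 | CVE-2024-3400 |
| 5 | cym1102 nginxWebUI saveCmd handlePath weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 4.82 | CVE-2024-3738 |
| 6 | cym1102 nginxWebUI upload privilege escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 4.20 | CVE-2024-3736 |
| 7 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 3.79 | CVE-2024-3739 |
| 8 | PHP Cookie privilege escalation | 5.6 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 3.19 | CVE-2024-2756 |
| 9 | PHP password_verify unknown vulnerability | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 2.90 | CVE-2024-3096 |
| 10 | cym1102 nginxWebUI addOver findCountByQuery directory traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 2.96 | CVE-2024-3737 |
| 11 | iboss Secure Web Gateway Login Portal login cross-site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 2.63 | CVE-2024-3378 |
| 12 | PHPGurukul Small CRM Registration Page SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.80 | CVE-2024-3691 |
| 13 | PHPGurukul Small CRM Change Password SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.32 | CVE-2024-3690 |
| 14 | Xiamen Four-Faith RMP Router Management Platform SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.39 | CVE-2024-3688 |
| 15 | Linux Kernel amdkfd kzalloc memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.69 | CVE-2024-26817 |
| 16 | Linux Kernel pci1xxxx_spi_probe denial of service | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.69 | CVE-2024-24862 |
| 17 | Linux Kernel malidp_mw_connector_reset denial of service | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.69 | CVE-2024-24863 |
| 18 | GLPI Shell Commands Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.69 | CVE-2024-31705 |
| 19 | mysql2 readCodeFor privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.34 | CVE-2024-21508 |
| 20 | Node.js child_process.spawn privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.35 | CVE-2024-27980 |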

IOC - Indicator of Compromise (35)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

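| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-25, CWE-35 | Path Traversal | predictive | |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |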

IOA - Indicator of Attack (133)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

