cve-2020-1954
Vulnerability from cvelistv5
Published
2020-04-01 20:07
Modified
2024-08-04 06:54
Severity ?
Summary
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
References
security@apache.orghttp://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://security.netapp.com/advisory/ntap-20220210-0001/Patch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220210-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
          },
          {
            "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CXF",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "affects all versions prior to 3.3.6 and 3.2.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T09:06:50",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
        },
        {
          "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CXF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "affects all versions prior to 3.3.6 and 3.2.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
              "refsource": "MISC",
              "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220210-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1954",
    "datePublished": "2020-04-01T20:07:29",
    "dateReserved": "2019-12-02T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1954\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-04-01T21:15:14.597\",\"lastModified\":\"2024-11-21T05:11:43.723\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.\"},{\"lang\":\"es\",\"value\":\"Apache CXF posee la capacidad de integrarse con JMX mediante el registro de una extensi\u00f3n InstrumentationManager con el bus CXF. Si la propiedad \\\"createMBServerConnectorFactory\\\" del InstrumentationManagerImpl predeterminado no est\u00e1 deshabilitada, entonces es vulnerable a un ataque de estilo man-in-the-middle (MITM). Un atacante en el mismo host puede conectar con el registro y volver a vincular la entrada a otro servidor, y as\u00ed actuar como un proxy del original. Pueden luego obtener acceso a toda la informaci\u00f3n que es enviada y recibida a trav\u00e9s de JMX.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":2.9,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.13\",\"matchCriteriaId\":\"DFD0BC46-24B2-493D-8FF3-BF4D49A5F215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"18E7E391-B755-4F71-934A-B16CA8351D78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"526E2FE5-263F-416F-8628-6CD40B865780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"3E5416A1-EE58-415D-9645-B6A875EBAED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66916DEB-ACE1-44E0-9535-10B3E03347AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\\\::*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"FAFED7F5-03FA-43B5-AD13-1130F0324448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"3E5416A1-EE58-415D-9645-B6A875EBAED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"11B0C37E-D7C7-45F2-A8D8-5A3B1B191430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66916DEB-ACE1-44E0-9535-10B3E03347AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}]}]}],\"references\":[{\"url\":\"http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.