CVE-2023-4760 (GCVE-0-2023-4760)

Vulnerability from cvelistv5 – Published: 2023-09-21 07:35 – Updated: 2024-09-24 16:26
VLAI
Title
Remote Code Execution in Eclipse RAP on Windows
Summary
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
Severity
7.6 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse RAP Affected: 3.0.0 , ≤ 3.25.0 (semver)
Create a notification for this product.
Date Public
2023-09-21 07:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:37:59.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T16:25:22.581958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T16:26:06.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Eclipse RAP",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.25.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-09-21T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eIn Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\u003cbr\u003e\n\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe reason for this is a not completely secure extraction of the file name in the \u003ccode\u003eFileUploadProcessor.stripFileName(String name)\u003c/code\u003e method. As soon as this finds a \u003ccode\u003e/\u003c/code\u003e in the path, everything before it is removed, but potentially \u003ccode\u003e\\\u003c/code\u003e (backslashes) coming further back are kept.\u003cbr\u003e\nFor example, a file name such as \u003ccode\u003e/..\\..\\webapps\\shell.war\u003c/code\u003e can be used to upload a file to a Tomcat server under Windows, which is then saved as \u003ccode\u003e..\\..\\webapps\\shell.war\u003c/code\u003e in its \u003ccode\u003ewebapps\u003c/code\u003e directory and can then be executed.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\n\n\n\n\n\n\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept.\n\nFor example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed.\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-154",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-154 Resource Location Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-21T07:35:35.790Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160"
        },
        {
          "url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in Eclipse RAP on Windows",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2023-4760",
    "datePublished": "2023-09-21T07:35:35.790Z",
    "dateReserved": "2023-09-04T16:06:47.588Z",
    "dateUpdated": "2024-09-24T16:26:06.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-4760",
      "date": "2026-05-30",
      "epss": "0.00376",
      "percentile": "0.59465"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:remote_application_platform:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.25.0\", \"matchCriteriaId\": \"11B55478-B8C8-47E0-B87D-7A02BB498FCD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\\n\\n\\n\\n\\n\\n\\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\\\ (backslashes) coming further back are kept.\\n\\nFor example, a file name such as /..\\\\..\\\\webapps\\\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\\\..\\\\webapps\\\\shell.war in its webapps directory and can then be executed.\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"En las versiones de Eclipse RAP desde 3.0.0 hasta 3.25.0 incluida, la Ejecuci\\u00f3n Remota de C\\u00f3digo es posible en Windows cuando se utiliza el componente FileUpload. La raz\\u00f3n de esto es una extracci\\u00f3n no completamente segura del nombre del archivo en el m\\u00e9todo FileUploadProcessor.stripFileName(String name). Tan pronto como esto encuentre una/en la ruta, todo lo anterior se elimina, pero potencialmente \\\\ (barras invertidas) que vienen m\\u00e1s atr\\u00e1s se mantienen. Por ejemplo, se puede utilizar un nombre de archivo como /..\\\\..\\\\webapps\\\\shell.war para cargar un archivo en un servidor Tomcat en Windows, que luego se guarda como ..\\\\..\\\\webapps\\\\shell.war. en su directorio webapps y luego se puede ejecutar.\\n\"}]",
      "id": "CVE-2023-4760",
      "lastModified": "2024-11-21T08:35:55.317",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-09-21T08:15:09.403",
      "references": "[{\"url\": \"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}]",
      "sourceIdentifier": "emo@eclipse.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}, {\"lang\": \"en\", \"value\": \"CWE-23\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4760\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2023-09-21T08:15:09.403\",\"lastModified\":\"2024-11-21T08:35:55.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\\n\\n\\n\\n\\n\\n\\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\\\ (backslashes) coming further back are kept.\\n\\nFor example, a file name such as /..\\\\..\\\\webapps\\\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\\\..\\\\webapps\\\\shell.war in its webapps directory and can then be executed.\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"En las versiones de Eclipse RAP desde 3.0.0 hasta 3.25.0 incluida, la Ejecuci\u00f3n Remota de C\u00f3digo es posible en Windows cuando se utiliza el componente FileUpload. La raz\u00f3n de esto es una extracci\u00f3n no completamente segura del nombre del archivo en el m\u00e9todo FileUploadProcessor.stripFileName(String name). Tan pronto como esto encuentre una/en la ruta, todo lo anterior se elimina, pero potencialmente \\\\ (barras invertidas) que vienen m\u00e1s atr\u00e1s se mantienen. Por ejemplo, se puede utilizar un nombre de archivo como /..\\\\..\\\\webapps\\\\shell.war para cargar un archivo en un servidor Tomcat en Windows, que luego se guarda como ..\\\\..\\\\webapps\\\\shell.war. en su directorio webapps y luego se puede ejecutar.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-23\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:remote_application_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.25.0\",\"matchCriteriaId\":\"11B55478-B8C8-47E0-B87D-7A02BB498FCD\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:37:59.919Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4760\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T16:25:22.581958Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T16:26:01.241Z\"}}], \"cna\": {\"title\": \"Remote Code Execution in Eclipse RAP on Windows\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-154\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-154 Resource Location Spoofing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"Eclipse RAP\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.25.0\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-21T07:00:00.000Z\", \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160\"}, {\"url\": \"https://github.com/eclipse-rap/org.eclipse.rap/pull/141\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\\n\\n\\n\\n\\n\\n\\nThe reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\\\ (backslashes) coming further back are kept.\\n\\nFor example, a file name such as /..\\\\..\\\\webapps\\\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\\\..\\\\webapps\\\\shell.war in its webapps directory and can then be executed.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eIn Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.\u003cbr\u003e\\n\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe reason for this is a not completely secure extraction of the file name in the \u003ccode\u003eFileUploadProcessor.stripFileName(String name)\u003c/code\u003e method. As soon as this finds a \u003ccode\u003e/\u003c/code\u003e in the path, everything before it is removed, but potentially \u003ccode\u003e\\\\\u003c/code\u003e (backslashes) coming further back are kept.\u003cbr\u003e\\nFor example, a file name such as \u003ccode\u003e/..\\\\..\\\\webapps\\\\shell.war\u003c/code\u003e can be used to upload a file to a Tomcat server under Windows, which is then saved as \u003ccode\u003e..\\\\..\\\\webapps\\\\shell.war\u003c/code\u003e in its \u003ccode\u003ewebapps\u003c/code\u003e directory and can then be executed.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23 Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2023-09-21T07:35:35.790Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4760\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T16:26:06.907Z\", \"dateReserved\": \"2023-09-04T16:06:47.588Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2023-09-21T07:35:35.790Z\", \"assignerShortName\": \"eclipse\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.