cve-2024-7345
Vulnerability from cvelistv5
Published
2024-09-03 14:50
Modified
2024-09-03 15:08
Severity ?
EPSS score ?
Summary
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@progress.com | https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication | Mitigation, Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "openedge",
"vendor": "progress",
"versions": [
{
"lessThanOrEqual": "11.7.19",
"status": "affected",
"version": "11.7.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.2.14",
"status": "affected",
"version": "12.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "12.8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:06:48.221094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:08:13.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"PASOE Application Server",
"OpenEdge Authentication Gateway"
],
"platforms": [
"Windows",
"Linux",
"64 bit",
"x86",
"32 bit"
],
"product": "OpenEdge",
"vendor": "Progress",
"versions": [
{
"lessThanOrEqual": "11.7.19",
"status": "affected",
"version": "11.7.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.2.14",
"status": "affected",
"version": "12.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "12.8.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An active instance of OpenEdge PASOE\u0027s Tomcat Webserver and local or system adjacent access to an ABL client on the Webserver host\u003cbr\u003e"
}
],
"value": "An active instance of OpenEdge PASOE\u0027s Tomcat Webserver and local or system adjacent access to an ABL client on the Webserver host"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms"
}
],
"value": "Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:50:15.520Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use the 12.8.0 or above LTS release where the vulnerability does not exist\u003cbr\u003e"
}
],
"value": "Use the 12.8.0 or above LTS release where the vulnerability does not exist"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use the 12.2 LTS release at the 12.2.14 Update level or above\u003cbr\u003e"
}
],
"value": "Use the 12.2 LTS release at the 12.2.14 Update level or above"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use the 11.7 LTS release at the 11.7.19 Update level or above\n\n\u003cbr\u003e"
}
],
"value": "Use the 11.7 LTS release at the 11.7.19 Update level or above"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Direct local client connections to MS Agents can bypass authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDo not put client software on host webserver systems\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Do not put client software on host webserver systems"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure the \"AppServer.SessMgr.agentHost\" property is set to \"localhost\" unless you are multi-hosting a single Webserver system\u003cbr\u003e"
}
],
"value": "Ensure the \"AppServer.SessMgr.agentHost\" property is set to \"localhost\" unless you are multi-hosting a single Webserver system"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Block agent listening ports from network access anywhere with the exception of the PASOE Tomcat Webserver\u0027s published listening port\u003cbr\u003e"
}
],
"value": "Block agent listening ports from network access anywhere with the exception of the PASOE Tomcat Webserver\u0027s published listening port"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Launch PASOE agent processes with \"least privilege\" system resource capabilities\u003cbr\u003e"
}
],
"value": "Launch PASOE agent processes with \"least privilege\" system resource capabilities"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-7345",
"datePublished": "2024-09-03T14:50:15.520Z",
"dateReserved": "2024-07-31T17:32:09.678Z",
"dateUpdated": "2024-09-03T15:08:13.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.7.18\", \"matchCriteriaId\": \"4E38EE20-1A60-46BB-8045-965B60B09B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndIncluding\": \"12.2.13\", \"matchCriteriaId\": \"EE560C37-3845-4B18-BDDC-38FF65C4CA2C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms\"}, {\"lang\": \"es\", \"value\": \"La omisi\\u00f3n por parte del cliente ABL local de las comprobaciones de seguridad PASOE requeridas puede permitir que un atacante realice una inyecci\\u00f3n de c\\u00f3digo no autorizada en agentes multisesi\\u00f3n en plataformas OpenEdge LTS compatibles hasta OpenEdge LTS 11.7.18 y LTS 12.2.13 en todas las plataformas de lanzamiento compatibles\"}]",
"id": "CVE-2024-7345",
"lastModified": "2024-09-05T14:11:00.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}]}",
"published": "2024-09-03T15:15:16.707",
"references": "[{\"url\": \"https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication\", \"source\": \"security@progress.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@progress.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-7345\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2024-09-03T15:15:16.707\",\"lastModified\":\"2024-09-05T14:11:00.493\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms\"},{\"lang\":\"es\",\"value\":\"La omisi\u00f3n por parte del cliente ABL local de las comprobaciones de seguridad PASOE requeridas puede permitir que un atacante realice una inyecci\u00f3n de c\u00f3digo no autorizada en agentes multisesi\u00f3n en plataformas OpenEdge LTS compatibles hasta OpenEdge LTS 11.7.18 y LTS 12.2.13 en todas las plataformas de lanzamiento compatibles\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.7.18\",\"matchCriteriaId\":\"4E38EE20-1A60-46BB-8045-965B60B09B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndIncluding\":\"12.2.13\",\"matchCriteriaId\":\"EE560C37-3845-4B18-BDDC-38FF65C4CA2C\"}]}]}],\"references\":[{\"url\":\"https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication\",\"source\":\"security@progress.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7345\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-03T15:06:48.221094Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*\"], \"vendor\": \"progress\", \"product\": \"openedge\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.7.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"11.7.19\"}, {\"status\": \"affected\", \"version\": \"12.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.2.14\"}, {\"status\": \"unaffected\", \"version\": \"12.8.0\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-03T15:08:08.132Z\"}}], \"cna\": {\"title\": \"Direct local client connections to MS Agents can bypass authentication\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-664\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-664 Server Side Request Forgery\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Progress\", \"modules\": [\"PASOE Application Server\", \"OpenEdge Authentication Gateway\"], \"product\": \"OpenEdge\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.7.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"11.7.19\"}, {\"status\": \"affected\", \"version\": \"12.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.2.14\"}, {\"status\": \"unaffected\", \"version\": \"12.8.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\", \"Linux\", \"64 bit\", \"x86\", \"32 bit\"], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Use the 12.8.0 or above LTS release where the vulnerability does not exist\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use the 12.8.0 or above LTS release where the vulnerability does not exist\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Use the 12.2 LTS release at the 12.2.14 Update level or above\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use the 12.2 LTS release at the 12.2.14 Update level or above\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Use the 11.7 LTS release at the 11.7.19 Update level or above\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use the 11.7 LTS release at the 11.7.19 Update level or above\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Do not put client software on host webserver systems\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eDo not put client software on host webserver systems\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Ensure the \\\"AppServer.SessMgr.agentHost\\\" property is set to \\\"localhost\\\" unless you are multi-hosting a single Webserver system\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Ensure the \\\"AppServer.SessMgr.agentHost\\\" property is set to \\\"localhost\\\" unless you are multi-hosting a single Webserver system\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Block agent listening ports from network access anywhere with the exception of the PASOE Tomcat Webserver\u0027s published listening port\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Block agent listening ports from network access anywhere with the exception of the PASOE Tomcat Webserver\u0027s published listening port\u003cbr\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Launch PASOE agent processes with \\\"least privilege\\\" system resource capabilities\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Launch PASOE agent processes with \\\"least privilege\\\" system resource capabilities\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"An active instance of OpenEdge PASOE\u0027s Tomcat Webserver and local or system adjacent access to an ABL client on the Webserver host\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An active instance of OpenEdge PASOE\u0027s Tomcat Webserver and local or system adjacent access to an ABL client on the Webserver host\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2024-09-03T14:50:15.520Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-7345\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-03T15:08:13.876Z\", \"dateReserved\": \"2024-07-31T17:32:09.678Z\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"datePublished\": \"2024-09-03T14:50:15.520Z\", \"assignerShortName\": \"ProgressSoftware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.