CVE-2025-1826 (GCVE-0-2025-1826)

Vulnerability from cvelistv5 – Published: 2025-10-07 17:50 – Updated: 2025-10-14 18:24
VLAI?
Summary
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Jazz Foundation Affected: 7.0.2 , ≤ 7.0.2 iFix034 (semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix016 (semver)
Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver)
    cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*
    cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*
    cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T18:13:04.012312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T18:15:35.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Jazz Foundation",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2 iFix034",
              "status": "affected",
              "version": "7.0.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3 iFix016",
              "status": "affected",
              "version": "7.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.0 iFix004",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u0026nbsp;7.0.3 to 7.0.3 iFix016, and\u0026nbsp;7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T18:24:39.313Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7247292"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix035\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix017\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix017\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix005\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix005\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.2Download and install  iFix035 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install  iFix017 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install  iFix005 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Jazz Foundation cross-site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1826",
    "datePublished": "2025-10-07T17:50:00.512Z",
    "dateReserved": "2025-03-01T14:39:35.654Z",
    "dateUpdated": "2025-10-14T18:24:39.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1826\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-10-07T18:15:58.683\",\"lastModified\":\"2025-10-08T19:38:09.863\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7247292\",\"source\":\"psirt@us.ibm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1826\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-07T18:13:04.012312Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-07T18:13:20.715Z\"}}], \"cna\": {\"title\": \"IBM Jazz Foundation cross-site scripting\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Jazz Foundation\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.2 iFix034\"}, {\"status\": \"affected\", \"version\": \"7.0.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3 iFix016\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.1.0 iFix004\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\\n\\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \\n\\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\\n\\n7.0.2Download and install  iFix035 https://www.ibm.com/support/fixcentral/swg/downloadFixes \\u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\\n\\n7.0.3Download and install  iFix017 https://www.ibm.com/support/fixcentral/swg/downloadFixes \\u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\\n\\n7.1.0Download and install  iFix005 https://www.ibm.com/support/fixcentral/swg/downloadFixes \\u00a0or later\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\\\"\u003eiFix035\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix017\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\\\"\u003eiFix017\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix005\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\\\"\u003eiFix005\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7247292\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\\u00a07.0.3 to 7.0.3 iFix016, and\\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u0026nbsp;7.0.3 to 7.0.3 iFix016, and\u0026nbsp;7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-10-14T18:24:39.313Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1826\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T18:24:39.313Z\", \"dateReserved\": \"2025-03-01T14:39:35.654Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-10-07T17:50:00.512Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.