Vulristics Vulnerability Scores

All vulnerabilities: 4
Urgent: 1
Critical: 1
High: 1
Medium: 0
Low: 1

Basic Vulnerability Scores

All vulnerabilities: 4
Critical: 1
High: 2
Medium: 0
Low: 0

Product Name	Prevalence	U	C	H	L	Comment
Confluence Server	0.7	1				Confluence Server
macOS	0.7		1			macOS
Microsoft MSHTML	0			1		Unclassified Product
Unknown Product	0				1	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	Comment
Remote Code Execution	1.0	1	1	1			Remote Code Execution
Unknown Vulnerability Type	0					1	Unknown Vulnerability Type

Urgent (1)

Remote Code Execution - Confluence Server (CVE-2021-26084) - Urgent [943]

Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB
Public Exploit Exists	1.0	17	Public exploit is found at Vulners (Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated), Atlassian Confluence WebWork OGNL Injection Exploit, Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit, Confluence Server 7.12.4 OGNL Injection Remote Code Execution, Atlassian Confluence WebWork OGNL Injection)
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.7	14	Confluence Server
CVSS Base Score	1.0	10	Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

Component

Value

Weight

Comment

Exploited in the Wild

1.0

Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB

Public Exploit Exists

1.0

Public exploit is found at Vulners (Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated), Atlassian Confluence WebWork OGNL Injection Exploit, Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit, Confluence Server 7.12.4 OGNL Injection Remote Code Execution, Atlassian Confluence WebWork OGNL Injection)

Criticality of Vulnerability Type

1.0

Remote Code Execution

Vulnerable Product is Common

0.7

Confluence Server

CVSS Base Score

1.0

Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data

Critical (1)

Description: An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned at AttackerKB
Public Exploit Exists	0	17	Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0.7	14	macOS
CVSS Base Score	0.8	10	Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

Component

Value

Weight

Comment

Exploited in the Wild

1.0

Exploitation in the wild is mentioned at AttackerKB

Public Exploit Exists

Public exploit is NOT found at Vulners website

Criticality of Vulnerability Type

1.0

Remote Code Execution

Vulnerable Product is Common

0.7

macOS

CVSS Base Score

0.8

Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data

Component	Value	Weight	Comment
Exploited in the Wild	1.0	18	Exploitation in the wild is mentioned at Vulners (CISA object, AttackerKB object), AttackerKB, Microsoft
Public Exploit Exists	0	17	Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type	1.0	15	Remote Code Execution
Vulnerable Product is Common	0	14	Unclassified Product
CVSS Base Score	0.9	10	Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

Component

Value

Weight

Comment

Exploited in the Wild

1.0

Exploitation in the wild is mentioned at Vulners (CISA object, AttackerKB object), AttackerKB, Microsoft

Public Exploit Exists

Public exploit is NOT found at Vulners website

Criticality of Vulnerability Type

1.0

Remote Code Execution

Vulnerable Product is Common

Unclassified Product

CVSS Base Score

0.9

Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on Microsoft data

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites
Public Exploit Exists	0	17	Public exploit is NOT found at Vulners website
Criticality of Vulnerability Type	0	15	Unknown Vulnerability Type
Vulnerable Product is Common	0	14	Unknown Product
CVSS Base Score	0.0	10	Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

Component

Value

Weight

Comment

Exploited in the Wild

Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites

Public Exploit Exists

Public exploit is NOT found at Vulners website

Criticality of Vulnerability Type

Unknown Vulnerability Type

Vulnerable Product is Common

Unknown Product

CVSS Base Score

0.0

Vulnerability Severity Rating based on CVSS Base Score is NA. No data.

Urgent (1)

Critical (1)

High (1)

Medium (0)

Low (1)

Exploitation in the wild detected (3)

Remote Code Execution (3)

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (1)

Unknown Vulnerability Type (1)