CVE-2023-36475 (GCVE-0-2023-36475)
Vulnerability from cvelistv5
Published
2023-06-28 22:32
Modified
2024-11-27 14:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
References
security-advisories@github.com https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90 Patch
security-advisories@github.com https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f Patch
security-advisories@github.com https://github.com/parse-community/parse-server/issues/8674 Issue Tracking, Patch
security-advisories@github.com https://github.com/parse-community/parse-server/issues/8675 Issue Tracking, Patch
security-advisories@github.com https://github.com/parse-community/parse-server/releases/tag/5.5.2 Release Notes
security-advisories@github.com https://github.com/parse-community/parse-server/releases/tag/6.2.1 Release Notes
security-advisories@github.com https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90 Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/issues/8674 Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/issues/8675 Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/releases/tag/5.5.2 Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/releases/tag/6.2.1 Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6 Vendor Advisory
Impacted products
Vendor Product Version
parse-community parse-server Version: < 5.5.2
Version: >= 6.0.0, < 6.2.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:57.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"
          },
          {
            "name": "https://github.com/parse-community/parse-server/issues/8674",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/issues/8674"
          },
          {
            "name": "https://github.com/parse-community/parse-server/issues/8675",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/issues/8675"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"
          },
          {
            "name": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.2"
          },
          {
            "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:43:51.427204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:44:09.330Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-server",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-28T22:32:10.081Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6"
        },
        {
          "name": "https://github.com/parse-community/parse-server/issues/8674",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/issues/8674"
        },
        {
          "name": "https://github.com/parse-community/parse-server/issues/8675",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/issues/8675"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90"
        },
        {
          "name": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/5.5.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.2"
        },
        {
          "name": "https://github.com/parse-community/parse-server/releases/tag/6.2.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.1"
        }
      ],
      "source": {
        "advisory": "GHSA-462x-c3jw-7vr6",
        "discovery": "UNKNOWN"
      },
      "title": "Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-36475",
    "datePublished": "2023-06-28T22:32:10.081Z",
    "dateReserved": "2023-06-21T18:50:41.703Z",
    "dateUpdated": "2024-11-27T14:44:09.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-36475\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-06-28T23:15:21.140\",\"lastModified\":\"2024-11-21T08:09:47.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.\"},{\"lang\":\"es\",\"value\":\"Parse Server es un backend de c\u00f3digo abierto que puede desplegarse en cualquier infraestructura que pueda ejecutar Node.js. Antes de las versiones 5.5.2 y 6.2.1, un atacante puede utilizar un prototipo de \\\"pollution sink\\\" para desencadenar una ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s del analizador BSON de MongoDB. Hay un parche disponible en las versiones 5.5.2 y 6.2.1. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.5.2\",\"matchCriteriaId\":\"8059544D-58C9-4AA3-8ABF-C29439C1EF8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.2.1\",\"matchCriteriaId\":\"505FD02D-F6D9-4B39-B963-03604E91D129\"}]}]}],\"references\":[{\"url\":\"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/issues/8674\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/issues/8675\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/releases/tag/5.5.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parse-community/parse-server/releases/tag/6.2.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/issues/8674\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/issues/8675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/parse-community/parse-server/releases/tag/5.5.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parse-community/parse-server/releases/tag/6.2.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-1321\", \"lang\": \"en\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\"}, {\"name\": \"https://github.com/parse-community/parse-server/issues/8674\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/issues/8674\"}, {\"name\": \"https://github.com/parse-community/parse-server/issues/8675\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/issues/8675\"}, {\"name\": \"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\"}, {\"name\": \"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\"}, {\"name\": \"https://github.com/parse-community/parse-server/releases/tag/5.5.2\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/releases/tag/5.5.2\"}, {\"name\": \"https://github.com/parse-community/parse-server/releases/tag/6.2.1\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/parse-community/parse-server/releases/tag/6.2.1\"}], \"affected\": [{\"vendor\": \"parse-community\", \"product\": \"parse-server\", \"versions\": [{\"version\": \"\u003c 5.5.2\", \"status\": \"affected\"}, {\"version\": \"\u003e= 6.0.0, \u003c 6.2.1\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-06-28T22:32:10.081Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.\"}], \"source\": {\"advisory\": \"GHSA-462x-c3jw-7vr6\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:45:57.041Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6\"}, {\"name\": \"https://github.com/parse-community/parse-server/issues/8674\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/issues/8674\"}, {\"name\": \"https://github.com/parse-community/parse-server/issues/8675\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/issues/8675\"}, {\"name\": \"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90\"}, {\"name\": \"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f\"}, {\"name\": \"https://github.com/parse-community/parse-server/releases/tag/5.5.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/releases/tag/5.5.2\"}, {\"name\": \"https://github.com/parse-community/parse-server/releases/tag/6.2.1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/parse-community/parse-server/releases/tag/6.2.1\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36475\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-27T14:43:51.427204Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-27T14:44:05.337Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-36475\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-06-21T18:50:41.703Z\", \"datePublished\": \"2023-06-28T22:32:10.081Z\", \"dateUpdated\": \"2024-11-27T14:44:09.330Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.