[{"_id":"69de82f92c5c1df9d4b24d22","cveID":"CVE-2009-0238","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238","product":"Office","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Office Remote Code Execution","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"http://blogs.zdnet.com/security/?p=2658","source":"secure@microsoft.com"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"secure@microsoft.com"},{"url":"http://securitytracker.com/id?1021744","source":"secure@microsoft.com"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"secure@microsoft.com"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"secure@microsoft.com","tags":["US Government 
Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"secure@microsoft.com"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"secure@microsoft.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"secure@microsoft.com"},{"url":"http://blogs.zdnet.com/security/?p=2658","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securitytracker.com/id?1021744","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government 
Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69de82f92c5c1df9d4b24d23","cveID":"CVE-2026-32201","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201","product":"SharePoint Server","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Server Improper Input Validation Vulnerability","nvdData":[{"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US 
Government Resource"]}],"vulnStatus":"Undergoing Analysis"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e125f9bf2904da36e09391","cveID":"CVE-2026-34197","dateAdded":"2026-04-16","dueDate":"2026-04-30","notes":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197","product":"ActiveMQ","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.","vendorProject":"Apache","vulnerabilityName":"Apache ActiveMQ Improper Input Validation Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/keraattin/CVE-2026-34197","https://github.com/hg0434hongzh0/CVE-2026-34197","https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197","https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE","https://github.com/DEVSECURITYSPRO/CVE-2026-34197","https://github.com/dinosn/CVE-2026-34197","https://github.com/0xBlackash/CVE-2026-34197"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1b","cveID":"CVE-2026-20122","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. 
A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":5.4,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1c","cveID":"CVE-2026-20133","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). 
Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1d","cveID":"CVE-2025-2749","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749","product":"Kentico Xperience","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.","vendorProject":"Kentico","vulnerabilityName":"Kentico Xperience Path Traversal 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://devnet.kentico.com/download/hotfixes","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2749","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1e","cveID":"CVE-2023-27351","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351","product":"NG/MF","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.","vendorProject":"PaperCut","vulnerabilityName":"PaperCut NG/MF Improper Authentication 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":["Mango Sandworm","APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage","Test Adversary2"],"communityMalwareFamilies":["\"prepending (enc) ransomware\" (not an official name)","Meterpreter","Truebot","Gopuram","Qakbot","#aggr:autoit/banload","Syncro rmm","Cobalt strike","Atera rmm","Medusa locker","Cl0p","Immortal stealer"],"communityAffectedIndustries":["Government","Healthcare","Finance","Educational services","Education","Public administration","Transportation","Technology","Aerospace","Construction","Other services","Energy","Defense","Chemical","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1f","cveID":"CVE-2025-48700","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700","product":"Zimbra 
Collaboration Suite (ZCS)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.","vendorProject":"Synacor","vulnerabilityName":"Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.1,"nvdReferences":[{"url":"https://wiki.zimbra.com/wiki/Security_Center","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy","source":"cve@mitre.org","tags":["Product"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48700","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e20","cveID":"CVE-2026-20128","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; 
https://nvd.nist.gov/vuln/detail/CVE-2026-20128","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"HIGH","baseSeverity":"HIGH","exploitabilityScore":0.8,"baseScore":7.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e21","cveID":"CVE-2025-32975","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975","product":"KACE Systems Management Appliance 
(SMA)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.","vendorProject":"Quest","vulnerabilityName":"Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":10.0,"nvdReferences":[{"url":"https://seclists.org/fulldisclosure/2025/Jun/22","source":"cve@mitre.org"},{"url":"https://seralys.com/research/CVE-2025-32975.txt","source":"cve@mitre.org"},{"url":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2025/Jun/25","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e22","cveID":"CVE-2024-27199","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199","product":"TeamCity","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"JetBrains TeamCity contains a 
relative path traversal vulnerability that could allow limited admin actions to be performed.","vendorProject":"JetBrains","vulnerabilityName":"JetBrains TeamCity Relative Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.3,"nvdReferences":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"cve@jetbrains.com","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]},{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Stuub/RCity-CVE-2024-27199"],"openThreatData":[{"adversaries":["Thallium","Earth Lamia","Storm-1175"],"malwareFamiles":["Bypassboss","Brute ratel","Pulsepack","Cobalt strike - s0154","Xworm","Xmrig","Sparkrat","Vshell","Kimsuky","Medusa","Jasmin","Blankgrabber"],"affectedIndustries":["Transportation","Technology","Education","Finance","Government","Retail"],"communityAdversaries":["Thallium","Kimsuky","Earth Lamia","Silver Fox, Powercat, BRUSHWORM and BRUSHLOGGER, Blank Grabber, Infiniti Stealer"],"communityMalwareFamilies":["Bypassboss","Brute ratel","Cobalt strike","Cobalt strike - 
s0154","Pulsepack","Xworm","Sparkrat","Xmrig","Vshell","Kimsuky","Trend pattern","Jasmin","Blankgrabber"],"communityAffectedIndustries":["Transportation","Technology","Education","Finance","Government","Retail"]}],"knownRansomwareCampaignUse":"Unknown"}]