gchq 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and vendor risk xxe があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-10779 | All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user. | [email protected] | 6.1 | 0.29% | 2020-01-28 | 2024-11-21 |
| CVE-2019-15532 | CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | [email protected] | 6.1 | 0.45% | 2019-08-26 | 2024-11-21 |
| CVE-2018-1000651 | Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. | [email protected] | 10.0 | 0.24% | 2018-08-20 | 2024-11-21 |