彙總 helpsystems 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-42948 KEV | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. | [email protected] | 9.8 | 22.06% | 2023-03-24 | 2025-11-03 |
| CVE-2022-39197 KEV | An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed). | [email protected] | 6.1 | 19.64% | 2022-09-22 | 2025-11-03 |
| CVE-2021-46830 | A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | [email protected] | 6.5 | 0.57% | 2022-07-27 | 2024-11-21 |
| CVE-2021-43708 | The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. | [email protected] | 5.5 | 0.08% | 2022-04-21 | 2024-11-21 |
| CVE-2022-23317 | CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | [email protected] | 7.5 | 0.27% | 2022-02-15 | 2024-11-21 |
| CVE-2021-36798 | A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it. | [email protected] | 7.5 | 27.68% | 2021-08-09 | 2024-11-21 |
| CVE-2018-20764 | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | [email protected] | 9.8 | 0.68% | 2019-02-08 | 2024-11-21 |