| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | secondary_impact | T1213 | Data from Information Repositories |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | primary_impact | T1027 | Obfuscated Files or Information |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|
| CVE-2020-0069 | Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
CVE-2020-0069 is an insufficient input validation vulnerability in multiple MediaTek chipsets that, combined with missing SELinux restrictions in the Command Queue drivers' ioctl handlers, allows an adversary to perform an out-of-bounds write leading to privilege escalation.
References
|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability can be exploited via a public-facing e-commerce application in order to achieve remote code execution. To evade detection, the exploit segment responsible for downloading and executing the remote malicious PHP code is obfuscated.
References
|
| CVE-2008-2992 | Adobe Reader and Acrobat Input Validation Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited via a maliciously-crafted pdf file.
References
|
| CVE-2023-2868 | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | secondary_impact | T1041 | Exfiltration Over C2 Channel |
Comments
CVE-2023-2868 in the Barracuda Email Security Gateway (ESG) had been reportedly exploited for espionage and exfiltration efforts by UNC4841 attributed by Mandiant. Following the exploitation of CVE-2023-2868, malware SALTWATER, SEASPY, and SEASIDE were identified to be used in intrusions.
References
|
| CVE-2023-2868 | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | secondary_impact | T1105 | Ingress Tool Transfer |
Comments
CVE-2023-2868 in the Barracuda Email Security Gateway (ESG) had been reportedly exploited for espionage and exfiltration efforts by UNC4841 attributed by Mandiant. Following the exploitation of CVE-2023-2868, malware SALTWATER, SEASPY, and SEASIDE were identified to be used in intrusions.
References
|
| CVE-2023-2868 | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2023-2868 in the Barracuda Email Security Gateway (ESG) had been reportedly exploited for espionage and exfiltration efforts by UNC4841 attributed by Mandiant. Following the exploitation of CVE-2023-2868, malware SALTWATER, SEASPY, and SEASIDE were identified to be used in intrusions.
References
|
| CVE-2023-2868 | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
CVE-2023-2868 in the Barracuda Email Security Gateway (ESG) had been reportedly exploited for espionage and exfiltration efforts by UNC4841 attributed by Mandiant. Following the exploitation of CVE-2023-2868, malware SALTWATER, SEASPY, and SEASIDE were identified to be used in intrusions.
References
|
| CVE-2024-4879 | ServiceNow Improper Input Validation Vulnerability | primary_impact | T1190 | Exploit Public-Facing Application |
Comments
CVE-2024-4879 is a Template Injection Vulnerability in ServiceNow UI Macros. When ServiceNow instances are installed public-facing instead of internally, they can be exploited for arbitrary code execution. Adversaries have been observed selling data exfiltrated through this exploit.
References
|
| CVE-2024-4879 | ServiceNow Improper Input Validation Vulnerability | exploitation_technique | T1059 | Command and Scripting Interpreter |
Comments
CVE-2024-4879 is a Template Injection Vulnerability in ServiceNow UI Macros. When ServiceNow instances are installed public-facing instead of internally, they can be exploited for arbitrary code execution. Adversaries have been observed selling data exfiltrated through this exploit.
References
|
| CVE-2024-5217 | ServiceNow Incomplete List of Disallowed Inputs Vulnerability | exploitation_technique | T1059 | Command and Scripting Interpreter |
Comments
CVE-2024-5217 is an input validation vulnerability that could enable an unauthenticated user to remotely execute code within the context of the Now Platform due to incomplete input validation in a GlideExpression Script.
References
|
| CVE-2022-3075 | Google Chromium Mojo Insufficient Data Validation Vulnerability | exploitation_technique | T1204.001 | Malicious Link |
Comments
This data validation vulnerability is exploited by a remote attacker who compromised the renderer process via a crafted HTML page to potentially perform a sandbox escape.
Exploitation in the wild techniques have not been published by Google.
References
|