Known Exploited Vulnerability
7.2
HIGH
CVE-2024-8190
Ivanti Cloud Services Appliance OS Command Injecti - [Actively Exploited]
Description

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

INFO

Published Date :

Sept. 10, 2024, 9:15 p.m.

Last Modified :

Nov. 26, 2024, 7:55 p.m.

Source :

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

1.2
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Required Action :

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

Notes :

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190

Public PoC/Exploit Available at Github

CVE-2024-8190 has a 6 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-8190 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ivanti endpoint_manager_cloud_services_appliance
2 Ivanti cloud_services_appliance
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-8190.

URL Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 Vendor Advisory
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance Third Party Advisory US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 28, 2024, 1:32 a.m. This repo has been linked 3 different CVEs too.

搭建漏洞

HTML

Updated: 4 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 20, 2024, 7:53 a.m. This repo has been linked 32 different CVEs too.

CVE-2024-8190: Ivanti Cloud Service Appliance Command Injection

Python

Updated: 3 weeks ago
12 stars 4 fork 4 watcher
Born at : Sept. 16, 2024, 3:33 p.m. This repo has been linked 1 different CVEs too.

漏洞文库 wiki.wy876.cn

poc

HTML

Updated: 1 week, 6 days ago
437 stars 86 fork 86 watcher
Born at : Dec. 31, 2023, 7:18 a.m. This repo has been linked 33 different CVEs too.

收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1300多个poc/exp,长期更新。

poc

Updated: 2 weeks, 1 day ago
4250 stars 867 fork 867 watcher
Born at : Aug. 19, 2023, 12:08 p.m. This repo has been linked 159 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 1 week, 4 days ago
6566 stars 1140 fork 1140 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 958 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-8190 vulnerability anywhere in the article.

  • Dark Reading
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

Source: Kristoffer Tripplaar via Alamy Stock Photo A deft chaining together of three separate zero-day flaws in Ivanti's Cloud Service Appliance allowed a particularly potent cyberattacker to infiltra ... Read more

Published Date: Oct 14, 2024 (2 months ago)
  • The Hacker News
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

Network Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicio ... Read more

Published Date: Oct 14, 2024 (2 months ago)
  • Cybersecurity News
Suspected Nation-State Adversary Exploits Ivanti CSA in a Series of Sophisticated Attacks

Fortinet’s FortiGuard Labs recently released a detailed analysis of a sophisticated cyberattack targeting the Ivanti Cloud Services Appliance (CSA). The attackers, suspected to be a nation-state actor ... Read more

Published Date: Oct 13, 2024 (2 months ago)
  • Cybersecurity News
CISA Adds Three Actively Exploited Security Vulnerabilities to KEV Catalog, Urges Urgent Patching

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploita ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Critical Vulnerabilities Discovered in Siemens SINEC Security Monitor

Siemens has released a new security update for its SINEC Security Monitor, a modular cybersecurity software used for passive, non-intrusive, and continuous monitoring of production environments on cus ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • Help Net Security
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • The Hacker News
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjun ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • BleepingComputer
Ivanti warns of three more CSA zero-days exploited in attacks

Image: MidjourneyAmerican IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
CVE-2024-37404: Critical RCE Flaw Discovered in Ivanti Connect Secure & Policy Secure, PoC Published

Reverse Shell - Running as root User | Image: Richard WarrenIvanti has addressed a critical remote code execution (RCE) vulnerability affecting its Connect Secure and Policy Secure products, as report ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Ivanti Patches CSA Appliance Against Vulnerabilities, Including Actively Exploited Flaws

Ivanti has recently released urgent security updates for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild. The company ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519

Image: The Shadowserver FoundationEnterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently d ... Read more

Published Date: Oct 07, 2024 (2 months, 1 week ago)
  • The Hacker News
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May t ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released

A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit th ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Critical CUPS Vulnerabilities Expose Linux and Other Systems to Remote Attacks

In a significant development for cybersecurity, multiple critical vulnerabilities have been discovered in CUPS (Common Unix Printing System), a widely used print server on Linux systems and other plat ... Read more

Published Date: Sep 26, 2024 (2 months, 3 weeks ago)
  • Dark Reading
Third Ivanti Bug Comes Under Active Exploit, CISA Warns

Source: Kristoffer Tripplaar via Alamy Stock PhotoThe Cybersecurity and Infrastructure Security Agency (CISA) has added a third Ivanti vulnerability to the agency's Known Exploited Vulnerabilities (KE ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • Help Net Security
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecuri ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • The Hacker News
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Expl ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-9014 (CVSS 9.9): pgAdmin’s Critical Vulnerability Puts User Data at Risk

pgAdmin, the leading open-source management tool for PostgreSQL databases, has released an urgent security update to address a critical vulnerability affecting versions 8.11 and earlier. This flaw, id ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CISA Warns of Actively Exploited Ivanti vTM Flaw CVE-2024-7593 (CVSS 9.8), PoC Published

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited security vulnerability impacting Ivanti Virtual Traffic Manager (vTM), a ... Read more

Published Date: Sep 24, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-9043 (CVSS 9.8): Cellopoint Secure Email Gateway Flaw Puts Sensitive Data at Risk

A recently disclosed vulnerability (CVE-2024-9043) in Cellopoint’s Secure Email Gateway (SEG) could expose enterprise email systems to critical security risks, making it an urgent matter for administr ... Read more

Published Date: Sep 24, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
CVE-2024-7490: Urgent Warning for IoT Devices Using Microchip ASF, No Patch Available

The latest vulnerability disclosure identifies a significant security flaw in the Microchip Advanced Software Framework (ASF), specifically within its tinydhcp server implementation. This vulnerabilit ... Read more

Published Date: Sep 23, 2024 (2 months, 3 weeks ago)
  • Help Net Security
Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical VMware vCenter Server bugs fixed (CVE-2024-38812) Broadcom has released fixes for two vulnera ... Read more

Published Date: Sep 22, 2024 (2 months, 3 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Week In Review – September 21, 2024

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more

Published Date: Sep 22, 2024 (2 months, 3 weeks ago)
  • Dark Reading
Ivanti's Cloud Service Appliance Attacked via Second Vuln

Source: Kristoffer Tripplaar via Alamy Stock PhotoLess than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is bein ... Read more

Published Date: Sep 20, 2024 (2 months, 3 weeks ago)
  • The Register
Ivanti patches exploited admin command execution flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it' ... Read more

Published Date: Sep 20, 2024 (2 months, 3 weeks ago)
  • security.nl
Ivanti waarschuwt voor actief misbruik van 'toevallig' gepatcht CSA-lek

Softwarebedrijf Ivanti waarschuwt klanten voor een kritiek path traversal-lek in Cloud Service Appliance (CSA) waar aanvallers actief misbruik van maken en dat 'bij toeval' op 10 september werd opgelo ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • TheCyberThrone
Ivanti fixes CVE-2024-8963 Flaw that added to KEV catalog

Ivanti has released a patch for a critical vulnerability in its new Cloud Services Appliance (CSA) vulnerability, which will lead to a path traversal issueThe vulnerability tracked as CVE-2024-8963 wi ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • The Hacker News
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Enterprise Security / Network Security Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
Critical Flaw in Ivanti CSA 4.6: CVE-2024-8963 Actively Exploited, Urgent Upgrade Required

Ivanti, a leader in enterprise software, has disclosed a critical vulnerability in its Ivanti Connect Secure Appliance (CSA) 4.6, identified as CVE-2024-8963. This vulnerability, rated at a CVSS score ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
PoC Exploit Releases for Exploited Vulnerability CVE-2024-8190 in Ivanti Cloud Services Appliance

Authenticated Command Injection | Image: Horizon3.aiA proof-of-concept (PoC) exploit for CVE-2024-8190, an exploited OS command injection vulnerability in Ivanti Cloud Services Appliance, is now publi ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • BleepingComputer
Ivanti warns of another critical CSA flaw exploited in attacks

Image: MidjourneyToday, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-896 ... Read more

Published Date: Sep 19, 2024 (2 months, 4 weeks ago)
  • Help Net Security
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in ... Read more

Published Date: Sep 17, 2024 (3 months ago)
  • Cybersecurity News
166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)

A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popula ... Read more

Published Date: Sep 17, 2024 (3 months ago)
  • Dark Reading
Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised

Source: NicoElNino via Alamy Stock PhotoJust days after Ivanti released an advisory regarding a high-severity vulnerability in its Cloud Service Appliance (CSA), the company is alerting customers that ... Read more

Published Date: Sep 16, 2024 (3 months ago)
  • BleepingComputer
Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ... Read more

Published Date: Sep 16, 2024 (3 months ago)
  • databreaches.net
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

Jonathan Greig reports: The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks. The t ... Read more

Published Date: Sep 14, 2024 (3 months ago)
  • TheCyberThrone
CISA adds Ivanti Bug CVE-2024-8190 to its Catalog

The US CISA added Ivanti vulnerability tracked as CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitationThe vulnerability affects Ivanti Cloud Servic ... Read more

Published Date: Sep 14, 2024 (3 months ago)
  • security.nl
Ivanti meldt actief misbruik van beveiligingslek in Cloud Service Appliance

Aanvallers maken actief misbruik van een beveiligingslek in Ivanti Cloud Service Appliance (CSA), zo heeft het bedrijf zelf bekendgemaakt. Via de CSA kunnen organisaties software uitrollen, updates in ... Read more

Published Date: Sep 14, 2024 (3 months ago)
  • The Hacker News
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Enterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity ... Read more

Published Date: Sep 14, 2024 (3 months ago)
  • Cybersecurity News
CISA & Ivanti Warn of Active Exploitation Cloud Services Appliance Flaw CVE-2024-8190

A high-severity vulnerability (CVE-2024-8190) in Ivanti Cloud Services Appliance (CSA) is under active exploitation, prompting an urgent directive from the U.S. Cybersecurity and Infrastructure Securi ... Read more

Published Date: Sep 14, 2024 (3 months ago)
  • BleepingComputer
Ivanti warns high severity CSA flaw is now exploited in attacks

Ivanti confirmed on Friday that a high-severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. "At the time of disclosure on September 10, we were n ... Read more

Published Date: Sep 13, 2024 (3 months ago)
  • Help Net Security
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • The Hacker News
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Enterprise Security / Vulnerability Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • The Register
Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack

Patch Tuesday Another Patch Tuesday has dawned, as usual with the unpleasant news that there are pressing security weaknesses and blunders to address. Microsoft issued fixes for more than 70 flaws aff ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • BleepingComputer
Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps admin ... Read more

Published Date: Sep 10, 2024 (3 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-8190 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Nov. 26, 2024

    Action Type Old Value New Value
    Changed Reference Type https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance No Types Assigned https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance Third Party Advisory, US Government Resource
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
  • Initial Analysis by [email protected]

    Sep. 16, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 No Types Assigned https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 Vendor Advisory
    Added CWE NIST CWE-78
    Added CPE Configuration OR *cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:* *cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 14, 2024

    Action Type Old Value New Value
    Added Date Added 2024-09-13
    Added Vulnerability Name Ivanti Cloud Services Appliance OS Command Injection Vulnerability
    Added Due Date 2024-10-04
    Added Required Action As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
  • CVE Received by 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

    Sep. 10, 2024

    Action Type Old Value New Value
    Added Description An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
    Added Reference ivanti https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 [No types assigned]
    Added CWE ivanti CWE-78
    Added CVSS V3.1 ivanti AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-8190 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability