Software Vulnerabilities

See the active software vulnerabilities that are being reported, bragged about or used.

You can choose from any available dates, and filter the results.

What you get

Use our data to quickly get the following insights:

The first result describes a cross-site scripting (XSS) vulnerability that was reported for emc rsa_validation_manager 3.2 (built by EMC Corp.). This vulnerability was published by the National Institute of Standards and Technology (NIST) as CVE-2015-0526, and is tagged "network exploitable vulnerabilities", "no authentication instance vulnerabilities", "low integrity impact", and "medium complexity vulnerabilities".

The second result describes a vulnerability that allows for intercepted communications and stolen system information for users of the ESET website. This vulnerability was published by Google Project Zero.

Interactive API

Our interactive API powered this example using the link below.
  https://www.surfwatchlabs.com/api/v3/static/swagger.html#!/cyberFacts/getSoftwareVulnerabilities_get_6

To try it yourself, you'll need your Application ID and Application Key from My API Profile.

The Response

An excerpt of actual output from this insight:

[
  {
    "cyberfact_polarity":0,
    "cyberfact_score":61,
    "cyberfact_type_id":6,
    "cyberfact_id":285167,
    "event_date":"2015-06-22T15:59:00.070Z",
    "industry_targets":[
      {
        "industry_target_id":53388,
        "industry_target_description":"EMC Corp.",
        "industry_id":-7,
        "industry_description":"Information Technology",
        "industry_group_id":115,
        "industry_group_description":"Computer Hardware",
        "market":"NYSE"
      }
    ],
    "tags":[
      {
        "tag_id":151802,
        "tag":"cross-site scripting (XSS) vulnerabilities",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":130198,
        "tag":"vulnerability reporting",
        "macro_tag_id":-311,
        "macro_tag":"Security Research",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":204685,
        "tag":"emc rsa_validation_manager 3.2",
        "macro_tag_id":-226,
        "macro_tag":"Management Software",
        "tag_super_type_id":2,
        "tag_super_type":"Target"
      },
      {
        "tag_id":204684,
        "tag":"CVE-2015-0526",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":40308,
        "tag":"no authentication instance vulnerabilities",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":40302,
        "tag":"network exploitable vulnerabilities",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":40311,
        "tag":"low integrity impact",
        "macro_tag_id":-509,
        "macro_tag":"Infected/Exploited Assets",
        "tag_super_type_id":5,
        "tag_super_type":"Effect"
      },
      {
        "tag_id":148166,
        "tag":"vulnerability disclosed",
        "macro_tag_id":-513,
        "macro_tag":"Threat Intelligence",
        "tag_super_type_id":5,
        "tag_super_type":"Effect"
      },
      {
        "tag_id":40304,
        "tag":"medium complexity vulnerabilities",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":127886,
        "tag":"National Institute of Standards and Technology (NIST)",
        "macro_tag_id":-600,
        "macro_tag":"Other Organizations",
        "tag_super_type_id":6,
        "tag_super_type":"Positive Actor"
      }
    ],
    "publication_date":"2015-06-25T00:00:00.000Z",
    "cyberfact_source":"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0526",
    "cyberfact_type":"Vulnerabilities",
    "data_feed_ids":[
      -7,
      -100
    ]
  },
  {
    "cyberfact_polarity":0,
    "cyberfact_score":58,
    "cyberfact_type_id":6,
    "cyberfact_id":285131,
    "event_date":"2015-06-25T00:00:00.000Z",
    "industry_targets":[
      {
        "industry_target_id":101914,
        "industry_target_description":"ESET",
        "industry_id":-7,
        "industry_description":"Information Technology",
        "industry_group_id":118,
        "industry_group_description":"Software"
      }
    ],
    "tags":[
      {
        "tag_id":40064,
        "tag":"vulnerability discovered",
        "macro_tag_id":-513,
        "macro_tag":"Threat Intelligence",
        "tag_super_type_id":5,
        "tag_super_type":"Effect"
      },
      {
        "tag_id":20293,
        "tag":"stolen system information",
        "macro_tag_id":-500,
        "macro_tag":"Data Stolen/Leaked",
        "tag_super_type_id":5,
        "tag_super_type":"Effect"
      },
      {
        "tag_id":10682,
        "tag":"software vulnerability",
        "macro_tag_id":-308,
        "macro_tag":"Software vulnerability exploit",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      },
      {
        "tag_id":103917,
        "tag":"ESET",
        "macro_tag_id":-280,
        "macro_tag":"Websites",
        "tag_super_type_id":2,
        "tag_super_type":"Target"
      },
      {
        "tag_id":100153,
        "tag":"intercepted communications",
        "macro_tag_id":-523,
        "macro_tag":"Intercepted Communications",
        "tag_super_type_id":5,
        "tag_super_type":"Effect"
      },
      {
        "tag_id":161570,
        "tag":"Google Project Zero",
        "macro_tag_id":-107,
        "macro_tag":"Information Security",
        "tag_super_type_id":6,
        "tag_super_type":"Positive Actor"
      },
      {
        "tag_id":130198,
        "tag":"vulnerability reporting",
        "macro_tag_id":-311,
        "macro_tag":"Security Research",
        "tag_super_type_id":3,
        "tag_super_type":"Practice"
      }
    ],
    "publication_date":"2015-06-25T00:00:00.000Z",
    "cyberfact_source":"http://www.reddit.com/r/netsec/comments/3avp8o/analysis_and_exploitation_of_an_eset_vulnerability/",
    "cyberfact_type":"Vulnerabilities",
    "data_feed_ids":[
      -7,
      -100
    ]
  }
]

The Code

Here is the code to do it yourself:

import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;

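/**
 * Sample client that fetches the software-vulnerability CyberFacts for a
 * fixed date range and prints the raw JSON response to standard output.
 *
 * <p>The application ID and key are read from the environment instead of
 * being written into the source, so the credentials do not end up in version
 * control, build artifacts or pasted snippets.
 */
public class CyberFactSoftwareVulnerabilities {

    private static final String API_BASE_URL = "https://www.surfwatchlabs.com:443/api/v3";

    // Same variable names the Ruby sample on this page reads its credentials from.
    private static final String APP_ID_ENV = "SURFWATCH_ANALYTICS_APP_ID";
    private static final String APP_KEY_ENV = "SURFWATCH_ANALYTICS_APP_KEY";

    /**
     * Issues one GET against {@code /cyberFacts/softwareVulnerabilities} and
     * prints the response body.
     *
     * @param args unused
     * @throws IllegalStateException if either credential variable is unset or blank
     * @throws Exception if the request fails
     */
    public static void main( String[] args ) throws Exception {

        // Resolve the credentials first so a missing variable fails before any network I/O.
        String appId = requireEnv( APP_ID_ENV );
        String appKey = requireEnv( APP_KEY_ENV );

        Client restClient = ClientBuilder.newClient();
        try {
            WebTarget target = restClient.target( API_BASE_URL )
                    .path( "/cyberFacts/softwareVulnerabilities" )
                    .queryParam( "startDate", "2015-06-25" )
                    .queryParam( "endDate", "2015-06-25" );

            // request( MediaType ) sets the Accept header. The credentials are added
            // with header(...) one at a time because headers( map ) replaces every
            // header already on the builder, including that Accept value.
            String response = target
                    .request( MediaType.APPLICATION_JSON )
                    .header( "app-id", appId )
                    .header( "app-key", appKey )
                    .get( String.class );

            System.out.print( response );
        } finally {
            // Release the connections held by the client.
            restClient.close();
        }
    }

    /**
     * Returns the value of a required environment variable.
     *
     * @param name the variable to read
     * @return the non-blank value
     * @throws IllegalStateException if the variable is unset or blank
     */
    private static String requireEnv( String name ) {
        String value = System.getenv( name );
        if ( value == null || value.trim().isEmpty() ) {
            // Only the variable name is reported, never a credential value.
            throw new IllegalStateException( "Environment variable " + name + " must be set" );
        }
        return value;
    }

}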
Or view the source on GitHub
require 'rest_client'
require 'json'

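# Endpoint that returns the software-vulnerability CyberFacts.
url = 'https://www.surfwatchlabs.com:443/api/v3/cyberFacts/softwareVulnerabilities'

# The credentials are taken from the environment so they never appear in the
# script. ENV.fetch raises KeyError when a variable is unset, which stops the
# script before it sends a request with an empty credential header.
header = {
  # A GET has no body, so the JSON preference is stated through Accept.
  accept: :json,
  'app-key' => ENV.fetch('SURFWATCH_ANALYTICS_APP_KEY'),
  'app-id' => ENV.fetch('SURFWATCH_ANALYTICS_APP_ID'),
  # rest-client turns the :params entry into the query string.
  params: {
    'startDate' => '2015-06-25',
    'endDate' => '2015-06-25'
  }
}
response = RestClient.get(url, header)
# Parse the body as data only; the feed is remote input and is just printed here.
results = JSON.parse(response.body)
puts results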
Or view the source on GitHub