Lucene search

K

Cobalt Strike Security Vulnerabilities

cve
cve

CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike...

9.8CVSS

9.4AI Score

0.025EPSS

2023-03-24 02:15 PM
383
In Wild
cve
cve

CVE-2022-39197

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the...

6.1CVSS

6AI Score

0.008EPSS

2022-09-22 01:15 AM
438
In Wild
3
cve
cve

CVE-2022-23317

CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the...

7.5CVSS

7.4AI Score

0.002EPSS

2022-02-15 01:15 PM
57
cve
cve

CVE-2021-36798

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with...

7.5CVSS

7.4AI Score

0.003EPSS

2021-08-09 01:15 PM
56
In Wild
2