CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Attacks against known vulnerabilities are one of the most common security risks. Have you seen the updated OWASP Top-10? The risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021-Vulnerable and Outdated Components. This category moved up to #06 from #9 in 2017. We highlighted this in our OWASP Top 10 2021 proposal that we published earlier this year.
We all know: _patch management is hard_. For many reasons: backward compatibility, code refactoring overheads, testing, legacy code. Patches and updates are just hard to apply on time. This is the kind of challenge where WAFs and API Security Platform products can be a perfect solution with their attack detection capabilities, virtual patches, and proactive vulnerability detection capabilities.
Wallarm introduces a new feature to highlight known attacks:
By using the new filters, you can filter out all the known attacks, which drastically decreases the number of events for analysis. You can exclude events that are more likely to be mass scanning and random testing and instead focus on unique events and unusual attacks. It's also a great way to identify any potential false positives, as it's highly unlikely that the output for the known attacks would have any of them. Just use this attack query to exclude all the typical/known attacks and get only unusual events:
For example, one of our customers had ~1K attacks for the last 7 days, but only 12 events that were not relying on the typical tooling/CVEs/scanning. A huge difference in the amount of data to analyze.
Another use case: suppose you learn about a new CVE that is relevant to your tech stack. In that case, you can instantly run a search query and check whether there have been any exploitation attempts against your applications.
The new feature is already deployed for the whole customer base. No updates or additional configuration are required.
These are some examples of usage.
Choose between searching all events, known attacks, or unknown attacks
Search attacks by CVE
You can search for the attacks that use some particular CVE:
Or if you like, find all the events that are related to any known CVE by using known cve keywords:
The Wallarm team has added more than 1500 recent CVEs to the list and keeps updating the database every day. One of the objectives is for the team to analyze all new CVEs and introduce filters as soon as the public data on a CVE is published. The Wallarm team also enumerates vulnerabilities backward by analyzing real attack data, adding filters for more known attacks and payloads seen in the wild.
The post Wallarm starts to highlight CVE to address OWASP Top-10 A6 Vulnerable and Outdated Components appeared first on Wallarm.