This method allows the creation or the renewal of API Keys for MPA users. Once created and renewed, its validity is set to a default of 12 months.
\nThis methos is not stateless and must be anticipated by a regualar login session of an MPA user.
","urlObject":{"path":["api","v1","mpa","admin","api-key","claim"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"3aa2bfac-544a-45ad-84f9-dce1f7780704","name":"V2 - GET api-key/claim","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"}],"url":"{{url}}/api/v1/mpa/admin/api-key/claim"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"result\": {\n \"owner\": \"test8@zerorisk.io\",\n \"apiKey\": \"9jcansd6eccpukh18tgi1lsss2\",\n \"expiration\": \"1536064855819\"\n },\n \"errors\": null\n}"},{"id":"9d32df59-7d60-4d94-a62d-44616fdd9638","name":"V1 - GET api-key claim","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"}],"url":"{{url}}/api/v1/mpa/admin/api-key/claim"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"cache-control","value":"no-cache, no-store, max-age=0, must-revalidate","name":"cache-control","description":""},{"key":"content-length","value":"147","name":"content-length","description":""},{"key":"content-type","value":"application/json;charset=UTF-8","name":"content-type","description":""},{"key":"date","value":"Tue, 05 Sep 2017 08:24:59 GMT","name":"date","description":""},{"key":"expires","value":"0","name":"expires","description":""},{"key":"pragma","value":"no-cache","name":"pragma","description":""},{"key":"x-content-type-options","value":"nosniff","name":"x-content-type-options","description":""},{"key":"x-frame-options","value":"DENY","name":"x-frame-options","description":""}],"cookie":[{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"%7B%22timeOfLastAPIActivity%22%3A%222017-09-03T18%3A37%3A55.253Z%22%2C%22reasonForInvalidation%22%3Anull%2C%22authenticated%22%3A%7B%7D%7D","key":"zr:session"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":true,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"37D35BD3D6F24AA404A97E2E9511CF49","key":"JSESSIONID"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"2bdd8ccb-a7e3-46bf-9bd1-c2f694806818","key":"X-CSRF-TOKEN"}],"responseTime":null,"body":"{\"success\": true, \"result\": {\"owner\": \"test8@zerorisk.io\", \"apiKey\": \"1k8a2cm8c14570nc18dob5rndf\", \"expiration\": \"1536135899595\"}, \"errors\": null }"}],"_postman_id":"cbaed5f4-3036-47ff-a968-45ed31112a11"},{"name":"api-key disable","id":"960742e3-3b53-4d1a-b46d-51cfed8195b2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v1/mpa/admin/api-key/disable","description":"This method allows the immediate disabling of API Keys for MPA users.
\nThis methos is not stateless and must be anticipated by a regualar login session of an MPA user.
","urlObject":{"path":["api","v1","mpa","admin","api-key","disable"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"38174110-5bd5-48e3-8bd6-5be4486dd121","name":"V1 - GET api-key disable","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v1/mpa/admin/api-key/disable"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"cache-control","value":"no-cache, no-store, max-age=0, must-revalidate","name":"cache-control","description":""},{"key":"content-length","value":"125","name":"content-length","description":""},{"key":"content-type","value":"application/json;charset=UTF-8","name":"content-type","description":""},{"key":"date","value":"Tue, 05 Sep 2017 08:25:19 GMT","name":"date","description":""},{"key":"expires","value":"0","name":"expires","description":""},{"key":"pragma","value":"no-cache","name":"pragma","description":""},{"key":"x-content-type-options","value":"nosniff","name":"x-content-type-options","description":""},{"key":"x-frame-options","value":"DENY","name":"x-frame-options","description":""}],"cookie":[{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"%7B%22timeOfLastAPIActivity%22%3A%222017-09-03T18%3A37%3A55.253Z%22%2C%22reasonForInvalidation%22%3Anull%2C%22authenticated%22%3A%7B%7D%7D","key":"zr:session"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":true,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"37D35BD3D6F24AA404A97E2E9511CF49","key":"JSESSIONID"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"2bdd8ccb-a7e3-46bf-9bd1-c2f694806818","key":"X-CSRF-TOKEN"}],"responseTime":null,"body":"{\"success\": true, \"result\": {\"owner\": \"test8@zerorisk.io\", \"apiKey\": \"null\", \"expiration\": \"1536128700000\"}, \"errors\": null }"}],"_postman_id":"960742e3-3b53-4d1a-b46d-51cfed8195b2"}],"id":"ac54caa8-0c0f-4eee-86fe-cb67bc7af964","_postman_id":"ac54caa8-0c0f-4eee-86fe-cb67bc7af964","description":""},{"name":"users","item":[{"name":"sign_in","event":[{"listen":"test","script":{"id":"3e6c07d4-08e7-4d1d-87eb-8e0e12d5fab7","exec":["var response = pm.response.json()","if(response.result && response.result.token)"," pm.environment.set(\"x-auth-token\", response.result.token)","","","var xsrfCookie = postman.getResponseCookie(\"X-CSRF-TOKEN\");","if(xsrfCookie)"," postman.setEnvironmentVariable(\"xsrf-token\", xsrfCookie.value)"],"type":"text/javascript"}}],"id":"a9fc3692-a87f-48c2-b72d-20dfacef599a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"username\": \"test8@zerorisk.io\",\n \"password\": \"password\"\n}"},"url":"{{url}}/api/v1/users/sign_in","description":"This method the creation of a session ID (token) for all V1 APIs, which are stateful in nature. The session ID (token) must be used to consume all available V1 APIs, with the exclusion of the API Keys Disabling which is executed in a stateless context.
\nThis methos requires valid users credentials for ZeroRisk MPA Portal.
","urlObject":{"path":["api","v1","users","sign_in"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"88f763b2-b4c1-40f5-9068-6fe834235876","name":"V1 - POST Sign In","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"},{"key":"Api-Owner","value":"{{Api-Owner}}"},{"key":"Api-Key","value":"{{Api-Key}}"}],"body":{"mode":"raw","raw":"{\n \"username\": \"test8@zerorisk.io\",\n \"password\": \"password\"\n}","options":{"raw":{"language":"json"}}},"url":"{{url}}/api/v1/users/sign_in"},"status":"OK","code":200,"_postman_previewlanguage":"plainText","header":[{"key":"access-control-allow-credentials","value":"true","name":"access-control-allow-credentials","description":""},{"key":"access-control-allow-origin","value":"chrome-extension://aicmkgpgakddgnaphhhpliifpcfhicfo","name":"access-control-allow-origin","description":""},{"key":"access-control-expose-headers","value":"Access-Control-Allow-Origin, Access-Control-Allow-Credentials","name":"access-control-expose-headers","description":""},{"key":"cache-control","value":"no-cache, no-store, max-age=0, must-revalidate","name":"cache-control","description":""},{"key":"content-length","value":"107","name":"content-length","description":""},{"key":"date","value":"Tue, 05 Sep 2017 08:24:34 GMT","name":"date","description":""},{"key":"expires","value":"0","name":"expires","description":""},{"key":"pragma","value":"no-cache","name":"pragma","description":""},{"key":"vary","value":"Origin","name":"vary","description":""},{"key":"x-content-type-options","value":"nosniff","name":"x-content-type-options","description":""},{"key":"x-frame-options","value":"DENY","name":"x-frame-options","description":""}],"cookie":[{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"%7B%22timeOfLastAPIActivity%22%3A%222017-09-03T18%3A37%3A55.253Z%22%2C%22reasonForInvalidation%22%3Anull%2C%22authenticated%22%3A%7B%7D%7D","key":"zr:session"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":true,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"37D35BD3D6F24AA404A97E2E9511CF49","key":"JSESSIONID"},{"expires":"Invalid Date","hostOnly":false,"httpOnly":false,"domain":".zerorisk.local","path":"/","secure":false,"session":true,"value":"2bdd8ccb-a7e3-46bf-9bd1-c2f694806818","key":"X-CSRF-TOKEN"}],"responseTime":null,"body":"{\"result\":{\"token\":\"37D35BD3D6F24AA404A97E2E9511CF49\",\"userId\":8,\"entityId\":8},\"success\":true,\"error\":null}"}],"_postman_id":"a9fc3692-a87f-48c2-b72d-20dfacef599a"}],"id":"d2a3d27f-aaa8-42b8-b946-2a8a56b88008","_postman_id":"d2a3d27f-aaa8-42b8-b946-2a8a56b88008","description":""}],"id":"8ea457b3-eeb0-4681-8872-d106fa592e8e","_postman_id":"8ea457b3-eeb0-4681-8872-d106fa592e8e","description":""},{"name":"V2","item":[{"name":"mpa","item":[{"name":"users","item":[{"name":"users","id":"67df2d76-e0ed-4ef0-966f-c7a7d79f6e19","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v2/shared/public/mpa/users","description":"This method allows the retrieval of all merchants' users connected to an MPA account, including base details and ZeroRisk IDs.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of a given merchant user given his unique identifier.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of a given merchant user given his unique identifier.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the creation of a merchant user, and the inclusion of this user within a specific merchant by specifying the merchant identificator.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis sections is dedicated to the primary zerorisk user of the merchant being created. This user will be able to login to the Merchant Portal and will be invited based on the passwordLess option in the Merchant section.
\nThis method allows the edit of a given merchant user, identified by the ZeroRisk ID.
This method can also be used to disable users by setting the dedicated flag equals to \"true\".
The method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of all merchants connected to an MPA account, including base details and ZeroRisk IDs.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of a given merchant given his unique identifier.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nCreation of a Merchant and its Primary User
\nThis method allows the creation of a Merchant Entity that will be created in the domain of the requesting user whose MPA entity will own the created merchant.
\nThis version allows the creation of the Merchant structure along with its necessary primary user that can be automatically invited by mean of a welcome email, simply using the dedicated \"passwordLess\" field explained below.
\nPrerequsites
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nHeader Fields
\nRequest Body Fields
\nMerchant
\nThis section is dedicated to basic parameters describing the merchant and the behaviour of the merchant registration request itself.
\nmid (Optional)
\nA string representing the Merchant ID as available from the MPA internal records.
\nlevel (Optional)
\nA string representing the Merchant Level. Accepted values are: \"LEVEL1\"; \"LEVEL2\"; \"LEVEL3\"; \"LEVEL4\".
\npasswordLess
\nWhen set to TRUE, the principal user will NOT be invited automatically to allow delayed invitation via Password-Less links. If set to FALSE, the user will be notified via email and invited to join ZeroRisk autonomously. This option only works when the User object is provided as part of the request.
\nlastReminder (Optional)
\nWhen set to FALSE, the merchant will not receive the fourth and last reminder of the creation flow. Its default value is \"TRUE\".
\nContact Info
\nThis section is dedicated to business information about the merchant being registered.
\ncompanyName
\nA string representing the comany business name of the registered entity.
\ncontactName
\nA string representing the name of the individual legally representing the company, such user won't be given access to ZeroRisk by default.
\ndba (Optional)
\nA string representing the DBA name of the registered company.
\ntitle
\nA string representing the business title of the individual legally representing the company.
\nphone
\nA string representing the phone number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895)
\nfax (Optional)
\nA string representing the fax number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
\nThe email of the individual legally representing the company being registered.
\nUser
\nThis sections is dedicated to the primary zerorisk user of the merchant being created. This user will be able to login to the Merchant Portal and will be invited based on the passwordLess option in the Merchant section.
\nThe email of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nusername (optional)
\nA unique username to identify the user. Needed when it is desired to register more than one user with the same email..
\nfirstName
\nA string representing the first name of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nlastName
\nA string representing the last name of the individual acting as the Primary User of the company being registered within ZeroRisk.
\ntitle
\nA string representing the business title of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nAddress
\nThis section is dedicated to the location information of the merchant being registered.
\nbusinessAddress
\nA single line string representing the business headquarter address of the company being registered.
\ncity
\nA string representing the business headquarter city of the company being registered.
\nstateProvince (Optional)
\nA string representing the state or province shortcut if required by local ligislations. Admitted values are (IT, UK, CA, etc.).
\ncountry
\nA string representing the business headquarter country of the company being registered.
\nzipCode (Optional)
\nA string representing the business headquarter zip code of the company being registered. Only official zip codes formats admitted (i.e. 80100, LT-4567).
\nurl (Optional)
\nA string representing the website URL of the company being registered. Admitted values are in the canonical format \"www.advantio.com\".
\nThis method allows the creation of a user specific seamless access token that can be used to integrate and facilitate merchants logins within existing applications.
\nThis will return the existing login-url, if this has not yet reached the expiration period set in the MPA customizaion (by default, 90 days).
\nIf othwerise a login-url is not found for the given user, or it has reached its expiration date, a new login-url will be generated.
The method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the creation of the Merchant structure along with its necessary primary user and a 3 months valid login URL.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis section is dedicated to basic parameters describing the merchant and the behaviour of the merchant registration request itself.
\nlevel (Optional): A string representing the Merchant Level.
\nNOT IMPLEMENTED - externalId (Optional): A string representing an additional unique ID generated by an external connected system to associate to the merchant internal ID generated by ZeroRisk.
\nmpa (Optional): A list representing the MPA IDs which the created Merchant must be bound to. If not specified, the merchant will be associated to the MPA entity requesting the creation.
The MPA indicated must be connected to the requesting MPA via the hierarchical system.
This section is dedicated to business information about the merchant being registered.
\ncompanyName: A string representing the comany business name of the registered entity.
\ncontactName: A string representing the name of the individual legally representing the company, such user won't be given access to ZeroRisk by default.
\ndba (Optional): A string representing the DBA name of the registered company.
\ntitle: A string representing the business title of the individual legally representing the company.
\nphone: A string representing the phone number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895)
\nfax (Optional): A string representing the fax number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
\nemail: The email of the individual legally representing the company being registered.
\nThis sections is dedicated to the primary zerorisk user of the merchant being created. This user will be able to login to the Merchant Portal and will be invited based on the passwordLess option in the Merchant section.
\nemail: The email of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nfirstName: A string representing the first name of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nlastName: A string representing the last name of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nusername: A string representinge the username which identifies the user. Needed when it is desired to register more than one user with the same email.
\ntitle: A string representing the business title of the individual acting as the Primary User of the company being registered within ZeroRisk.
\nThis section is dedicated to the location information of the merchant being registered.
\nbusinessAddress: A single line string representing the business headquarter address of the company being registered.
\ncity: A string representing the business headquarter city of the company being registered.
\nstateProvince (Optional): A string representing the state or province shortcut if required by local ligislations. Admitted values are (IT, UK, CA, etc.).
\ncountry: A string representing the business headquarter country of the company being registered.
\nzipCode (Optional): A string representing the business headquarter zip code of the company being registered. Only official zip codes formats admitted (i.e. 80100, LT-4567).
\nurl (Optional): A string representing the website URL of the company being registered. Admitted values are in the canonical format \"www.advantio.com\".
\nThis method allows the retrieval of all merchants connected to an MPA account, including base details and ZeroRisk IDs.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of a given merchant given his unique identifier.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of SAQs of a given merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
page = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\nquestionnaireStatuses = One or multiple values from the list (DRAFT, SUBMITTED, EXPIRING, EXPIRED, ARCHIVED, PENDING_APPROVAL, AWAITING_UPLOAD) separated by a comma, indicating the SAQ statuses to filter out.
\nsaqTypes = One or multiple values from the list (SAQ_A, SAQ_A_EP, SAQ_B, SAQ_B_IP, SAQ_C, SAQ_C_VT, SAQ_D, SAQ_D_SP, SAQ_P2PE, ROC, RAQ, OTHER, UPLOADED, SAQ_SPOC) separated by a comma, indicating the SAQ type to filter out.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","saqs"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"questionnaireStatuses","value":null},{"key":"saqTypes","value":null}],"variable":[]}},"response":[],"_postman_id":"2ef5f356-2e60-48b9-9ff3-e4b4b35e888e"},{"name":"merchants/id/saqs","id":"b6dbafa1-57b4-4e14-96e2-505ce03d26d5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/78/saqs?saqType=SAQ_A","description":"This method allows the creation of SAQs for a given merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
saqType = A value from the list: (SAQ_A, SAQ_A_EP, SAQ_B, SAQ_B_IP, SAQ_C, SAQ_C_VT, SAQ_D, SAQ_D_SP, SAQ_P2PE, ROC, RAQ, OTHER, UPLOADED, SAQ_SPOC).
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","saqs"],"host":["{{url}}"],"query":[{"key":"saqType","value":"SAQ_A"}],"variable":[]}},"response":[],"_postman_id":"b6dbafa1-57b4-4e14-96e2-505ce03d26d5"},{"name":"merchants/id/dashboard","id":"4e44881e-f737-4d19-b185-5874ff0db7dc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/78/dashbaord","description":"This method allows the retrieval of the dashboard object of a given merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
N/A
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","dashbaord"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"4e44881e-f737-4d19-b185-5874ff0db7dc"},{"name":"merchants/statistics","id":"46cdcd43-294b-45fa-ae34-d229923b0904","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/statistics?segmentId&mpaId","description":"This method allows the retrieval of the statistics object for the whole merchants portfolio.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
segmentId = A numerical identifier for the segment to limit the statisics object to merchants in the segments only.
\nmpaId = A numerical identifier for the MPA entity to operate on, so to limit the statisics object to merchants in relation with the specific MPA. Please note the requesting user must have permissions to access the provided MPA identifier.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","statistics"],"host":["{{url}}"],"query":[{"key":"segmentId","value":null},{"key":"mpaId","value":null}],"variable":[]}},"response":[],"_postman_id":"46cdcd43-294b-45fa-ae34-d229923b0904"},{"name":"merchants/id/asv/assets","id":"469d1d17-b3d7-4913-839f-04aff975c98a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/78/asv/assets?page=1&perPage=10&pciPassed","description":"This method allows the retrieval of all ASV assets registered for a given merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
page = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\npciPassed = A true/false boolean value that filters for PCI status. If false, only non PCI compliant assets will be returned. If true, only PCI compliant assets will be returned. Null to return all records.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","asv","assets"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"pciPassed","value":null}],"variable":[]}},"response":[],"_postman_id":"469d1d17-b3d7-4913-839f-04aff975c98a"},{"name":"merchants/asv/assets","id":"ed639b8a-9bde-44ac-a48f-f552e80b2b2a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/asv/assets?page=1&perPage=10&pciPassed","description":"This method allows the retrieval of all ASV assets for all connected merchants.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
page = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\npciPassed = A true/false boolean value that filters for PCI status. If false, only non PCI compliant assets will be returned. If true, only PCI compliant assets will be returned. Null to return all records.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","asv","assets"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"pciPassed","value":null}],"variable":[]}},"response":[],"_postman_id":"ed639b8a-9bde-44ac-a48f-f552e80b2b2a"},{"name":"merchants/id/asv/scans","id":"45957041-30ec-479e-8422-47399143ebd6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/78/asv/scans?page=1&perPage=10&status","description":"This method allows the retrieval of ASV Scans of a given merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
page = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\nstatus = One or multiple values from the list (CREATED, RUNNING, PAUSED, FINISHED, FAILED, QUEUED, SCHEDULED, CANCELED, ERROR, PENDING_APPROVAL, REJECTED, APPROVED) separated by a comma, indicating the SAQ type to filter out.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","asv","scans"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"status","value":null}],"variable":[]}},"response":[],"_postman_id":"45957041-30ec-479e-8422-47399143ebd6"},{"name":"merchants/asv/scans","id":"2cfa2651-2ddf-496e-b3ad-90888d4ced31","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/asv/scans?page=1&perPage=10&status","description":"This method allows the retrieval of ASV Scans of all connected merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\npage = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\nstatus = One or multiple values from the list (CREATED, RUNNING, PAUSED, FINISHED, FAILED, QUEUED, SCHEDULED, CANCELED, ERROR, PENDING_APPROVAL, REJECTED, APPROVED) separated by a comma, indicating the SAQ type to filter out.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","asv","scans"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"status","value":null}],"variable":[]}},"response":[],"_postman_id":"2cfa2651-2ddf-496e-b3ad-90888d4ced31"},{"name":"merchants/id/asv/assets/vulnerabilities","id":"975312eb-477b-4063-84ed-c55069373a8d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/78/asv/assets/vulnerabilities?page=1&perPage=10&pciFlag","description":"This method allows the retrieval of ASV Scans vulnerabilities of one given merchant, limited to the latest scan executed on all assets registered by the merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\npage = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\npciFlag = A true/false boolean value that filters for PCI affecting vulnerabilities. If false, only non PCI affecting vulnerabilities will be returned. If true, only PCI affecting vulnerabilities will be returned. Null to return all records.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","78","asv","assets","vulnerabilities"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"pciFlag","value":null}],"variable":[]}},"response":[],"_postman_id":"975312eb-477b-4063-84ed-c55069373a8d"},{"name":"merchants/asv/assets/vulnerabilities","id":"a01e06cd-f79e-49ca-90fb-67210742046b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"url":"{{url}}/api/v3/shared/public/mpa/merchants/asv/assets/vulnerabilities?page=1&perPage=10&pciFlag","description":"This method allows the retrieval of ASV Scans vulnerabilities of all connected merchant, limited to the latest scan executed on all assets registered by each merchant.
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
page = Indicates the page number to provide.
\nperPage = Indicates the number of records to be provided for each page.
\npciFlag = A true/false boolean value that filters for PCI affecting vulnerabilities. If false, only non PCI affecting vulnerabilities will be returned. If true, only PCI affecting vulnerabilities will be returned. Null to return all records.
\n","urlObject":{"path":["api","v3","shared","public","mpa","merchants","asv","assets","vulnerabilities"],"host":["{{url}}"],"query":[{"key":"page","value":"1"},{"key":"perPage","value":"10"},{"key":"pciFlag","value":null}],"variable":[]}},"response":[],"_postman_id":"a01e06cd-f79e-49ca-90fb-67210742046b"},{"name":"merchants","id":"cc7b1bca-e6a7-4357-b7eb-0abe13101e5c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Api-Key","value":"{{Api-Key}}"},{"key":"Api-Owner","value":"{{Api-Owner}}"}],"body":{"mode":"raw","raw":"{\n \"merchant\": {\n \"mids\": [\n {\n \"mpa\": 8,\n \"mid\": \"1234\"\n },\n {\n \"mpa\": 9,\n \"mid\": \"5678\"\n }\n ],\n \"parent\": 123456789\n },\n \"contactInfo\": {\n \"companyName\": \"Advantio Test Merchant\",\n \"dba\": null,\n \"contactName\": \"John Smith\",\n \"title\": \"CTO\",\n \"phone\": \"12345678\",\n \"fax\": \"12345678\",\n \"email\": \"john.smith@advantio.comm\"\n },\n \"address\": {\n \"businessAddress\": \"TBD\",\n \"city\": \"TBD\",\n \"stateProvince\": \"TBD\",\n \"country\": \"TBD\",\n \"zipCode\": \"2\",\n \"url\": \"www.zerorisk.io\"\n }\n}"},"url":"{{url}}/api/v3/shared/public/mpa/merchants","description":"This method allows the creation of a Merchant Entity that will be created in the domain of the requesting user whose MPA entity will own the created merchant.
\n\nThis version allows the creation of the Merchant structure
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
This section is dedicated to basic parameters describing the merchant and the behaviour of the merchant registration request itself.
\n\nmids: A list of pairs (mpa, mid) which represent the Merchant ID linked to each MPA in the hierarchy.
mid: A string representing the Merchant ID as available from the MPA internal records.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
mpa (Optional): A list representing the MPA IDs which the created Merchant must be bound to. If not specified, the merchant will be associated to the MPA entity requesting the creation.
The MPA indicated must be connected to the requesting MPA via the hierarchical system.
Accepted values: A list of integer numbers (IDs of valid MPA identifiers).
level (Optional): A string representing the Merchant Level. Accepted values are: \"LEVEL1\"; \"LEVEL2\"; \"LEVEL3\"; \"LEVEL4\".
Accepted values: \"LEVEL1\"; \"LEVEL2\"; \"LEVEL3\"; \"LEVEL4\".
lastReminder (Optional): When set to false, the merchant will not receive the fourth and last reminder of the creation flow. Its default value is true.
Accepted values: boolean values true, false.
This section is dedicated to business information about the merchant being registered.
\n\ncompanyName: A string representing the comapny business name of the registered entity.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
contactName: A string representing the name of the individual legally representing the company, such user won't be given access to ZeroRisk by default.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
dba: A string representing the DBA name of the registered company. (Optional)
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
title: A string representing the business title of the individual legally representing the company.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
phone: A string representing the phone number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Minimum 5 characters / Maximum 20 characters
fax (Optional): A string representing the fax number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Minimum 5 characters / Maximum 20 characters
email: The email of the individual legally representing the company being registered.
Accepted Values and Format: ISO compliant email format
Size: Maximum 255 characters
This section is dedicated to the location information of the merchant being registered.
\n\nbusinessAddress: A one line string representing the business headquarter address of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
city: A string representing the business headquarter city of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
stateProvince (Optional): A string representing the state or province shortcut if required by local ligislations. Admitted values are (IT, UK, CA, etc.).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
country: A string representing the business headquarter country of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
zipCode (Optional): A string representing the business headquarter zip code of the company being registered. Only official zip codes formats admitted (i.e. 80100, LT-4567)
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
url (Optional): A string representing the website URL of the company being registered. Admitted values are in the canonical format \"www.advantio.com\".
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
This method allows the creation of a Merchant Entity that will be created in the domain of the requesting user whose MPA entity will own the created merchant.
\n\nThis version allows the creation of the Merchant structure
\n\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\n\nApi-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
This section is dedicated to basic parameters describing the merchant and the behaviour of the merchant registration request itself.
\n\nmids: A list of pairs (mpa, mid) which represent the Merchant ID linked to each MPA in the hierarchy.
mid: A string representing the Merchant ID as available from the MPA internal records.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
mpa (Optional): A list representing the MPA IDs which the created Merchant must be bound to. If not specified, the merchant will be associated to the MPA entity requesting the creation.
The MPA indicated must be connected to the requesting MPA via the hierarchical system.
Accepted values: A list of integer numbers (IDs of valid MPA identifiers).
level (Optional): A string representing the Merchant Level. Accepted values are: \"LEVEL1\"; \"LEVEL2\"; \"LEVEL3\"; \"LEVEL4\".
Accepted values: \"LEVEL1\"; \"LEVEL2\"; \"LEVEL3\"; \"LEVEL4\".
lastReminder (Optional): When set to false, the merchant will not receive the fourth and last reminder of the creation flow. Its default value is true.
Accepted values: boolean values true, false.
This section is dedicated to business information about the merchant being registered.
\n\ncompanyName: A string representing the comapny business name of the registered entity.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
contactName: A string representing the name of the individual legally representing the company, such user won't be given access to ZeroRisk by default.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
dba: A string representing the DBA name of the registered company. (Optional)
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
title: A string representing the business title of the individual legally representing the company.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
phone: A string representing the phone number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Minimum 5 characters / Maximum 20 characters
fax (Optional): A string representing the fax number of the company being registered. Accepted format: prefix+number with no spaces or special characters (i.e. 00442456677895).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Minimum 5 characters / Maximum 20 characters
email: The email of the individual legally representing the company being registered.
Accepted Values and Format: ISO compliant email format
Size: Maximum 255 characters
This section is dedicated to the location information of the merchant being registered.
\n\nbusinessAddress: A one line string representing the business headquarter address of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
city: A string representing the business headquarter city of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
stateProvince (Optional): A string representing the state or province shortcut if required by local ligislations. Admitted values are (IT, UK, CA, etc.).
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
country: A string representing the business headquarter country of the company being registered.
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
zipCode (Optional): A string representing the business headquarter zip code of the company being registered. Only official zip codes formats admitted (i.e. 80100, LT-4567)
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
url (Optional): A string representing the website URL of the company being registered. Admitted values are in the canonical format \"www.advantio.com\".
Accepted Values and Format: All UTF-8 approved characters excluding HTML tags.
Size: Maximum 255 characters
This method allows the creation of a user specific seamless access token that can be used to integrate and facilitate merchants logins within existing applications.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of all merchants' users connected to an MPA account, including base details and ZeroRisk IDs.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the retrieval of a given merchant user given his unique identifier.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis method allows the creation of a merchant user, and the inclusion of this user within a specific merchant by specifying the merchant identificator.
\nThe method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nThis sections is dedicated to the primary zerorisk user of the merchant being created. This user will be able to login to the Merchant Portal and will be invited based on the passwordLess option in the Merchant section.
\ntrue, the principal user will NOT be invited autoamtically to allow delayed invitation via Password-Less links. If set to false, the user will be notified via email and invited to join ZeroRisk autonomously.\n true, falseThis method allows the edit of a given merchant user, identified by the ZeroRisk ID.
This method can also be used to disable users by setting the dedicated flag equals to \"true\".
The method is only used by Merchant Portfolio Authorities users with a valid API KEY.
\nfalse the user will be disabled and prevented to login ZeroRisk.\n true, falseThis method allows the retrieval of all devices connected to a Top Zone Entity hierarchy, including base details and ZeroRisk IDs.
\nThe method is only used by PINPoint Admin users with a valid API KEY.
\nIN_STOCK, IN_TRANSIT, INSTALLED, IN_MAINTENANCE, DISMISSED) (Multiple values allowed)STANDARD, UNATTENDED, IOT, CONTACTLESS_ONLY (Multiple values allowed)perPage one, otherwise it will be ignored\npage one, otherwise it will be ignored\nThis method allows the retrieval of a single Device connected to a Top Zone Entity hierarchy, including base details and ZeroRisk IDs.
\nThe method is only used by PINPoint Admin users with a valid API KEY.
\nThis method allows the creation of a single Device within a Top Zone Entity hierarchy
\nThe method is only used by PINPoint Admin users with a valid API KEY.
\nThis method allows the update of a single Device within a Top Zone Entity hierarchy
\nThe method is only used by PINPoint Admin users with a valid API KEY.
\nThe following documentation covers all avaialble APIs to support integrations with existing applications.
The method is only used by Merchant Portfolio Authorities users with a valid API KEY.
Api-Key = \"Api Key Value\"
Api-Owner = \"authorised user email\"
Removes the specified endpoint from the subscription list of one existing assessment.
\n","urlObject":{"path":["private","subscription"],"host":["{{url}}"],"query":[{"description":{"content":"(Required) endpoint
\n","type":"text/plain"},"key":"endpoint","value":"https://mysite.test"},{"description":{"content":"externalId
\n","type":"text/plain"},"key":"externalId","value":""},{"description":{"content":"host
\n","type":"text/plain"},"key":"host","value":"pennymarket.it"}],"variable":[]}},"response":[{"id":"aa46b109-69d4-490e-9e15-d8d2ef998927","name":"Forbidden","originalRequest":{"method":"DELETE","header":[],"url":{"raw":"{{baseUrl}}/api/srs/v1/private/subscription?endpoint=Add the specified endpoint to the subscription list of one existing assessment. Every refresh of the record will trigger a POST action to the given endpoint, thus implementing the webhook feature.
\n","urlObject":{"path":["private","subscription"],"host":["{{url}}"],"query":[{"description":{"content":"(Required) endpoint
\n","type":"text/plain"},"key":"endpoint","value":"https://pf.zerorisk.io/api/v2/hooks/srs"},{"description":{"content":"externalId
\n","type":"text/plain"},"key":"externalId","value":""},{"description":{"content":"host
\n","type":"text/plain"},"key":"host","value":"pennymarket.it"}],"variable":[]}},"response":[{"id":"11395955-cdd8-4370-a3a5-d58e8683aee7","name":"subscribe","originalRequest":{"method":"GET","header":[{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}","type":"text"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{url}}/private/subscription?endpoint=https://mysite.test&externalId=&host=pennymarket.it","host":["{{url}}"],"path":["private","subscription"],"query":[{"key":"endpoint","value":"https://mysite.test","description":"(Required) endpoint"},{"key":"externalId","value":"","description":"externalId"},{"key":"host","value":"pennymarket.it","description":"host"}]}},"status":"Not Found","code":404,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 05 Feb 2021 13:25:00 GMT"},{"key":"Keep-Alive","value":"timeout=60"},{"key":"Connection","value":"keep-alive"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"NOT_FOUND\",\n \"timestamp\": \"05-02-2021 01:25:00\",\n \"message\": \"Unknown assessment.\",\n \"debugMessage\": null,\n \"subErrors\": null\n}"},{"id":"e45db0f6-92ee-4360-b629-2e02ef9a9bdd","name":"Forbidden","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{baseUrl}}/api/srs/v1/private/subscription?endpoint=Method is used to fetch an assessment from the database by using its domain name or its external id.
\nThe method will return the report for a completed assessment or the status in the case of running assessment.
\nA 404 error is returned in case a domain matching assessment is not found.
\n","urlObject":{"path":["private","assessment",""],"host":["{{url}}"],"query":[{"disabled":true,"key":"externalId","value":""},{"key":"host","value":"pennymarket.it"}],"variable":[]}},"response":[{"id":"fa84c2a2-88c3-4072-b505-c35103a7e948","name":"assessment","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"url":{"raw":"{{url}}/private/assessment/?host=pennymarket.it","host":["{{url}}"],"path":["private","assessment",""],"query":[{"key":"externalId","value":"","disabled":true},{"key":"host","value":"pennymarket.it"}]}},"status":"Not Found","code":404,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 05 Feb 2021 13:13:00 GMT"},{"key":"Keep-Alive","value":"timeout=60"},{"key":"Connection","value":"keep-alive"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"NOT_FOUND\",\n \"timestamp\": \"05-02-2021 01:13:00\",\n \"message\": \"Unknown assessment.\",\n \"debugMessage\": null,\n \"subErrors\": null\n}"},{"id":"78808558-667a-4d94-8926-345fc64af4d2","name":"assessment","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"url":{"raw":"{{url}}/private/assessment/?host=certs.advantio.com","host":["{{url}}"],"path":["private","assessment",""],"query":[{"key":"externalId","value":"","disabled":true},{"key":"host","value":"certs.advantio.com"}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 05 Feb 2021 13:11:48 GMT"},{"key":"Keep-Alive","value":"timeout=60"},{"key":"Connection","value":"keep-alive"}],"cookie":[],"responseTime":null,"body":"{\n \"domain\": \"http://certs.advantio.com\",\n \"host\": \"certs.advantio.com\",\n \"externalId\": \"d280c2ee48fd443f8ece08488f38e9311599641910426\",\n \"assessmentType\": \"FULL\",\n \"assessmentStatus\": \"COMPLETED\",\n \"history\": [\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2021-02-02T15:09:49.692+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 610,\n \"certificatesRiskGrade\": 3,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 72,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 72,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 72,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 71,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 36,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": true\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2021-02-02T16:19:25.653+00:00\",\n \"summarizedFindings\": null,\n \"status\": \"COMPLETED\"\n }\n ],\n \"report\": {\n \"businessDetails\": {\n \"spending\": null,\n \"isShoppingCartDiscovered\": null,\n \"trafficRanks\": null,\n \"domainAge\": null,\n \"webPage\": null,\n \"saqs\": [\n \"SAQ_A\"\n ],\n \"channels\": [\n \"E_COMMERCE\"\n ],\n \"merchantLevel\": null,\n \"state\": null,\n \"country\": null,\n \"city\": null,\n \"vertical\": null,\n \"postcode\": null,\n \"companyName\": null\n },\n \"accuracy\": {\n \"evaluatedPortsOnIpsPercentage\": 100,\n \"evaluatedRiskOnIpsPercentage\": 100,\n \"isTechnologyAssessed\": false,\n \"isDataLeaksAssessed\": true,\n \"isMxRecordAssessed\": false,\n \"evaluatedRiskOnSubDomainsPercentage\": 100\n },\n \"surfaceComplexity\": {\n \"onlineSubdomains\": 5,\n \"offlineSubdomains\": null,\n \"excludedSubdomains\": null,\n \"discoveredIps\": 3,\n \"exclusiveIpsPercentage\": 60,\n \"discoveredPortsGrade\": 5,\n \"discoveredHostingProvidersGrade\": null,\n \"discoveredHostingProviders\": null\n },\n \"technologyAssessments\": [],\n \"certificates\": [\n {\n \"domain\": \"go.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"www.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": [\n \"-TLSv1\",\n \"-SSLv2\",\n \"-SSLv3\",\n \"-TLSv1.1\",\n \"TLSv1.2\",\n \"-TLSv1.3\"\n ],\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"GoDaddy.com, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a+s\",\n \"ipv4\": \"54.154.32.113\"\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": [\n \"-TLSv1\",\n \"-SSLv2\",\n \"-SSLv3\",\n \"-TLSv1.1\",\n \"TLSv1.2\",\n \"TLSv1.3\"\n ],\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"GoDaddy.com, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a+s\",\n \"ipv4\": \"188.166.129.254\"\n }\n ],\n \"mxRecord\": {\n \"isDmarcEnabled\": null,\n \"isDmarcEnforced\": null,\n \"isEmailConfigured\": null,\n \"isEmailSpoofable\": null,\n \"isFreeEmail\": null\n },\n \"rootDomainExposure\": {\n \"isDataLeaked\": false,\n \"isBlacklisted\": false,\n \"dataLeaks\": null,\n \"blacklists\": null\n },\n \"domainsSecurity\": {\n \"securityHeaders\": [\n {\n \"domain\": \"go.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"strict-transport-security\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 301,\n \"status\": \"HTTP/1.1 301 Moved Permanently\",\n \"date\": \"Tue, 02 Feb 2021 17:00:00 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": null,\n \"strict-transport-security\": null,\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=d8eba999bb1b8242764011c806ad2e9ad1612285200; expires=Thu, 04-Mar-21 17:00:00 GMT; path=/; domain=.go.advantio.com; HttpOnly; SameSite=Lax __cfruid=99a85f93277acc9e56f7851af672eaf75d376b52-1612285200; path=/; domain=.go.advantio.com; HttpOnly; Secure; SameSite=None\"\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"strict-transport-security\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"expect-ct\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 1\n }\n ],\n \"code\": 403,\n \"status\": \"HTTP/1.1 403 Forbidden\",\n \"date\": \"Tue, 02 Feb 2021 17:00:11 GMT\",\n \"server\": \"nginx\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": \"162\",\n \"vary\": null,\n \"content-type\": \"text/html\",\n \"strict-transport-security\": null,\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": null,\n \"set-cookie\": null\n },\n {\n \"domain\": \"www.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 200,\n \"status\": \"HTTP/1.1 200 OK\",\n \"date\": \"Tue, 02 Feb 2021 17:00:21 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": \"text/html;charset=utf-8\",\n \"strict-transport-security\": \"max-age=3628800\",\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": \"no-referrer-when-downgrade\",\n \"x-frame-options\": null,\n \"content-security-policy\": \"upgrade-insecure-requests\",\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=dcd2b6cfca95c6de7a9aaf12c0545c0a11612285221; expires=Thu, 04-Mar-21 17:00:21 GMT; path=/; domain=.www.advantio.com; HttpOnly; SameSite=Lax __cfruid=fea2f20552b738c32b100175d180c173b40bb98e-1612285221; path=/; domain=.www.advantio.com; HttpOnly; Secure; SameSite=None\"\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 301,\n \"status\": \"HTTP/1.1 301 Moved Permanently\",\n \"date\": \"Tue, 02 Feb 2021 17:00:41 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": null,\n \"strict-transport-security\": \"max-age=31536000; includeSubDomains\",\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=d5b3c76ab9f5bb7f7cafa0063a3ae30771612285241; expires=Thu, 04-Mar-21 17:00:41 GMT; path=/; domain=.mail.advantio.com; HttpOnly; SameSite=Lax __cfruid=fa15a195f3b558ecb34b464dce64c4902fe979db-1612285241; path=/; domain=.mail.advantio.com; HttpOnly; Secure; SameSite=None\"\n }\n ],\n \"securityProperties\": [\n {\n \"domain\": \"go.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": true,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"www.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": true,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n }\n ],\n \"normalizedDomainBasedScores\": [\n {\n \"domain\": \"blue.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"www.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"go.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"normalizedScore\": 89,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": false\n }\n ],\n \"pulses\": null\n },\n \"ipsSecurity\": {\n \"securityAssessments\": [\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": true,\n \"score\": null,\n \"cvss2\": 5.76,\n \"ports\": [\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 2,\n \"normalizedScore\": 55,\n \"ipv4\": \"188.166.129.254\",\n \"cpes\": [\n {\n \"cpe\": \"cpe:/a:nginx:nginx:1.4.6\",\n \"cves\": [\n {\n \"id\": \"CVE-2018-16845\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.\",\n \"cvss2\": 5.8,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 6.1,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2018-11-07T14:29:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2017-7529\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2017-07-13T13:29:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-4450\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-06-07T14:06:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0747\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 5.3,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0746\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.\",\n \"cvss2\": 7.5,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": 9.8,\n \"cvss3Severity\": \"CRITICAL\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0742\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2014-3616\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \\\"virtual host confusion\\\" attacks.\",\n \"cvss2\": 4.3,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2014-12-08T11:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2014-0133\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.\",\n \"cvss2\": 7.5,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2014-03-28T15:55:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2009-4487\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.\",\n \"cvss2\": 6.8,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2010-01-13T20:30:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2019-20372\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.\",\n \"cvss2\": 4.3,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 5.3,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2020-01-09T21:15:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-1247\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.\",\n \"cvss2\": 7.2,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": 7.8,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-11-29T17:59:00.000+00:00\"\n }\n ]\n }\n ],\n \"cves\": null\n },\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": false,\n \"score\": null,\n \"cvss2\": null,\n \"ports\": [\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 80,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 2,\n \"normalizedScore\": 85,\n \"ipv4\": \"54.154.32.113\",\n \"cpes\": null,\n \"cves\": null\n },\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": false,\n \"score\": null,\n \"cvss2\": null,\n \"ports\": [\n {\n \"openedPort\": 8880,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2052,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2095,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 8080,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 80,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2083,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 8443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2087,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2082,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2086,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 5,\n \"normalizedScore\": 52,\n \"ipv4\": \"199.60.103.254\",\n \"cpes\": null,\n \"cves\": null\n }\n ],\n \"pulses\": [\n {\n \"pulses\": [\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"white\",\n \"description\": \"\",\n \"subscriber_count\": 114,\n \"tags\": [\n \"url https\",\n \"url http\",\n \"domain\",\n \"united\",\n \"last analyzed\",\n \"date\",\n \"pm google\",\n \"safe browsing\",\n \"file type\",\n \"html\",\n \"filemagic\",\n \"html document\"\n ],\n \"export_count\": 7,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"16 hours ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"otx: A security alert has been carried out on the Bt.bt.com website, which is a Whitelist Domain, but which has not been identified as a malicious website or malicious web address.\",\n \"Bt.bt.com\",\n \"otx: The full list of names and figures has been released by the Office of National Statistics (ONS) and the Department of Health and Social Security (DPSS) for the next two years..\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ff0f9fff786b3ad24661181\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"Bt.bt.com #telcos around the world implanted 6 years ago\",\n \"created\": \"2021-01-02T22:55:59.960000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-02-02T00:02:18.248000\",\n \"comment_count\": 0,\n \"indicator_count\": 11170,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": 244\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"\",\n \"subscriber_count\": 115,\n \"tags\": [\n \"tls handshake\",\n \"failure\",\n \"windows nt\",\n \"msie\",\n \"wow64\",\n \"slcc2\",\n \"media center\",\n \"united\",\n \"limited\",\n \"owotrus ca\",\n \"meta\",\n \"write\",\n \"unknown\",\n \"path\",\n \"malware\",\n \"error\",\n \"copy\",\n \"facebook\",\n \"date\",\n \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"360.cn\"\n ],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"21 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"A security alert has been issued following a series of attacks on websites, email addresses and other websites in the United States and Canada, which have been linked to a network of malicious software, but which has not yet been identified.\",\n \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"ADVAPI32.dll KERNEL32.dll NTDLL.DLL GDI32.dll USER32.dll COMCTL32.dll VERSION.dll CheckTokenMembership advapi32.dll SeShutdownPrivilege DelNodeRunDLL32 advpack.dll wininit.ini Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\App Paths setupapi.dll setupx.dll AdvancedINF UPDFILE%lu IXP%03d. Technique ID: T1140 ATTACKID Technique Name: Deobfuscate/Decode Files or Information\",\n \"InternalName Wextract FileVersion 6.00.2900.5512 (xpsp.080413-2105) CompanyName Microsoft Corporation ProductName Microsoft® Windows® Operating System ProductVersion 6.00.2900.5512 FileDescription Win32 Cabinet Self-Extractor OriginalFilename WEXTRACT.EXE Screenshot Mutexes Local\\\\c:!users!administrator!appdata!roaming!microsoft!windows!ietldcache! Technique ID: T1553 ATTACKID Technique Name: Subvert Trust Controls\",\n \"Windows 95 or Windows NT is required to install Could not create folder '%s' To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue. Technique ID: T1547 ATTACKID Technique Name: Boot or Logon Autostart Execution\",\n \"Ru LLC 217.69.133.145 top-fwz1.mail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.102 img.imgsmail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.211 limg.imgsmail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.244 r.mradx.net Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.58 portal.mail.ru Russia COUNTRYAS47764 Mail.\",\n \"A malicious software packer has been detected in the system by Yara, a security researcher at the University of California, New York.. and it was found to be an unauthorised file.\",\n \"360.cn\",\n \"otx: The latest in a long line of high-profile figures from the world of technology and technology has been released.. and it's been a busy week for the tech-savvy community in Australia.\"\n ],\n \"targeted_countries\": [\n \"Russian Federation\"\n ],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ffcc7e47f5025e4d62a0612\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"created\": \"2021-01-11T21:49:24.837000\",\n \"related_indicator_is_active\": 1,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-11T22:41:08.189000\",\n \"comment_count\": 0,\n \"indicator_count\": 10066,\n \"attack_ids\": [\n {\n \"id\": \"T1036\",\n \"name\": \"Masquerading\",\n \"display_name\": \"T1036 - Masquerading\"\n },\n {\n \"id\": \"T1045\",\n \"name\": \"Software Packing\",\n \"display_name\": \"T1045 - Software Packing\"\n },\n {\n \"id\": \"T1053\",\n \"name\": \"Scheduled Task/Job\",\n \"display_name\": \"T1053 - Scheduled Task/Job\"\n },\n {\n \"id\": \"T1060\",\n \"name\": \"Registry Run Keys / Startup Folder\",\n \"display_name\": \"T1060 - Registry Run Keys / Startup Folder\"\n },\n {\n \"id\": \"T1129\",\n \"name\": \"Shared Modules\",\n \"display_name\": \"T1129 - Shared Modules\"\n },\n {\n \"id\": \"T1140\",\n \"name\": \"Deobfuscate/Decode Files or Information\",\n \"display_name\": \"T1140 - Deobfuscate/Decode Files or Information\"\n },\n {\n \"id\": \"T1547\",\n \"name\": \"Boot or Logon Autostart Execution\",\n \"display_name\": \"T1547 - Boot or Logon Autostart Execution\"\n },\n {\n \"id\": \"T1553\",\n \"name\": \"Subvert Trust Controls\",\n \"display_name\": \"T1553 - Subvert Trust Controls\"\n }\n ],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"someone needs to have a good dig around here its messy to say the least\",\n \"subscriber_count\": 115,\n \"tags\": [],\n \"export_count\": 4,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"28 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"www.kent.edu\\t143.204.217.99\\t143.204.217.53\\t52.84.145.120\\t... www-s3-live.kent.edu\\t54.192.66.32\\t13.225.25.36\\t13.225.25.117\\t... msauth.kent.edu\\t131.123.246.126\\t\\t\\t personal.kent.edu\\t131.123.92.17\\t131.123.250.212\\t\\t learn.kent.edu\\t131.123.246.140\\t\\t\\t mappingmay4.kent.edu\\t18.219.93.158\\t52.1.65.170\\t\\t digitalcommons.kent.edu\\t131.123.92.180\\t13.57.92.51\\t50.18.241.247\\t... flashline-qa.kent.edu\\t23.185.0.2\\t23.23.214.160\\t\\t flash-at-work.kent.edu\\t131.123.246.79\\t131.123.246.51\\t\\t flashline.kent.edu\\t23.185.0.2\\t23.23.214.160\\t5\",\n \"https://www.virustotal.com/gui/domain/pan-vpn-dev-priv.netdev.kent.edu/relations\",\n \"A look back at some of the most eye-catching stories from the past 12 months, as well as those from this year's BBC World News: www.kent.gov.com.\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fccdea3ce4e0d3dd9aedf5b\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"kent.edu -siblings list from vt - all known associated ioc's - vpn compromised\",\n \"created\": \"2020-12-06T13:37:39.650000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-05T00:00:11.429000\",\n \"comment_count\": 0,\n \"indicator_count\": 1782,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": 129\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"\",\n \"subscriber_count\": 114,\n \"tags\": [\n \"geoip\",\n \"as16509\",\n \"amazon02\",\n \"seattle\",\n \"apache geoip\",\n \"ashburn\",\n \"as20940\",\n \"akamaiasn1\",\n \"as21409\",\n \"ikoula\",\n \"apache\",\n \"main\",\n \"cname\",\n \"mid701725\",\n \"rid604107\",\n \"s1588\",\n \"elqaid701725\",\n \"elqat1\",\n \"name servers\",\n \"status\",\n \"moved\",\n \"search\",\n \"date\",\n \"ip address\",\n \"united\",\n \"last analyzed\",\n \"am google\",\n \"safe browsing\",\n \"file type\",\n \"html\",\n \"filemagic\"\n ],\n \"export_count\": 3,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"28 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"otx: A malicious web address has been detected on Google's search engine, but it is not believed to be malicious, according to a report published in the New York Times on Tuesday.. and the BBC\",\n \"otx: The following is the full text of this article, which contains the words \\\"hobbit\\\" and \\\"dave\\\", as part of its search for the most common domain name on the internet.\",\n \"otx: This is the full text of the text below:.en25.sc.com, the website used by BBC Newsnight, BBC Radio 4 and BBC iPlayer, for the first time.\",\n \"otx: ere are the key snippets from the latest in a series of posts on Facebook, Twitter and other social media.. and the BBC News website. the first of its kind. (as well as its own).\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ff31e66f24503fbdb3e8a5e\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"numberg\",\n \"created\": \"2021-01-04T13:55:50.985000\",\n \"related_indicator_is_active\": 1,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-04T23:22:05.558000\",\n \"comment_count\": 0,\n \"indicator_count\": 3171,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 1,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"53 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc9f095d6e49586833bd3e9\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201204-0917\",\n \"created\": \"2020-12-04T08:17:25.980000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-11T00:03:12.661000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 190,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"54 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc8a76368df12a5ebe5fc82\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201203-0952\",\n \"created\": \"2020-12-03T08:52:51.127000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-10T00:01:45.464000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 5,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc4cb4fcb407ed3265e78c7\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201130-1136\",\n \"created\": \"2020-11-30T10:37:03.167000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T08:08:38.161000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 187,\n \"tags\": [],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc437554343be79c4bbef82\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201130-0105\",\n \"created\": \"2020-11-30T00:05:41.941000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T08:08:00.959000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 187,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc756daa8c407813fe9f211\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201202-0956\",\n \"created\": \"2020-12-02T08:56:58.529000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T00:00:39.159000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 188,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc75757f85db10a476e7f58\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201202-0956\",\n \"created\": \"2020-12-02T08:59:03.963000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T00:00:39.159000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"56 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc66ead2076a6ed9dfc4767\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201201-1725\",\n \"created\": \"2020-12-01T16:26:21.693000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-08T00:03:15.043000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n }\n ],\n \"historical\": [],\n \"ipv4\": \"199.60.103.254\"\n }\n ]\n },\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 445,\n \"certificatesRiskGrade\": 1,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 67,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 64,\n \"ipsCvesAverageCvssScore\": 5.76,\n \"globalTrustScore\": 65,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 72,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 11,\n \"securityHeadersViolations\": 28,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": true\n },\n \"reccomendations\": {\n \"paymentDomains\": null,\n \"scoresAndReccomendations\": {\n \"coverage\": {\n \"score\": 1,\n \"key\": \"Attack surface coverage\",\n \"reccomendation\": \"A high coverage score gives an indication that the scoring engine was able to assess all assets that were discovered being part of the attack surface. This gives a high level of confidence in terms of the accuracy of the automated assessment on the discovered properties.\",\n \"pciFail\": false\n },\n \"certificateRiskGrade\": {\n \"score\": 1,\n \"key\": \"Public certificates security\",\n \"reccomendation\": \"The merchant has implemented later versions than TLS 1.1, which is most secure and they should continue in the practice of implementing the latest versions.\",\n \"pciFail\": false\n },\n \"discoveredPortsGrade\": {\n \"score\": 5,\n \"key\": \"Visible services security\",\n \"reccomendation\": \"The scoring engine reveals the presence of ports commonly recognized as insecure and violating the PCI DSS standard. This can result in immediate risks to data confidentiality and it is suggested that the merchants evaluate its public posture with the support of technical security staff.\",\n \"pciFail\": true\n },\n \"gts\": {\n \"score\": 2,\n \"key\": \"ZeroRisk Trust Score\",\n \"reccomendation\": \"The merchant presents a low risk, and the engine derives a level of apparent trust. However, the merchant might require ad-hoc investigation depending on specific criteria and industry expectations. They should continue using the best practices they have demonstrated, but please see Recommendations section for further insights.\",\n \"pciFail\": false\n },\n \"nonPopularCmsFound\": {\n \"score\": 0,\n \"key\": \"CMSs assessment\",\n \"reccomendation\": \"The scoring engine could not determine sufficient information on potentially used CMS systems, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"shoppingCartNotFound\": {\n \"score\": 0,\n \"key\": \"Shopping Cart detection\",\n \"reccomendation\": \"The scoring engine could not determine information on potential shopping carts being used, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"completeness\": {\n \"score\": 1,\n \"key\": \"Completeness of test cases\",\n \"reccomendation\": \"The high completeness score gives an indication that the scoring engine was able to assess a high percentage of the merchant properties, giving a high level of confidence that most of the merchant surface was analysed.\",\n \"pciFail\": false\n },\n \"containsCategory3HeadersViolations\": {\n \"score\": 5,\n \"key\": \"Web Headers security\",\n \"reccomendation\": \"The engine reveals that severe defficiencies were revealed on security headers, indicating the potential presence of PCI DSS violations and security threats. The merchant must urgently perform a vulnerability assessment on all domains.\",\n \"pciFail\": true\n },\n \"pts\": {\n \"score\": 0,\n \"key\": \"Payment Score\",\n \"reccomendation\": \"The scoring engine could not determine this parameter, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"deltagtspts\": {\n \"score\": 0,\n \"key\": \"Trust Score Overlay\",\n \"reccomendation\": \"The scoring engine could not determine this parameter, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"isRootDomainExposed\": {\n \"score\": 1,\n \"key\": \"Data leaks and blacklisting\",\n \"reccomendation\": \"The engine shows that a low or minimal number or no email addresses were found leaked on previous data breaches and that the merchant is not publicly reported as balcklisted. We recommend the merchant remains vigilant.\",\n \"pciFail\": false\n },\n \"spending\": {\n \"score\": 0,\n \"key\": \"Monthly spending in IT\",\n \"reccomendation\": \"The scoring engine could not determine information about spending parameters, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"onlineSubdomains\": {\n \"score\": 1,\n \"key\": \"Online domains\",\n \"reccomendation\": \"This merchant shows that they have appropriately configured their domains and should continue doing this.\",\n \"pciFail\": false\n },\n \"exclusiveIpsPercentage\": {\n \"score\": 3,\n \"key\": \"Sharing of IP Addresses\",\n \"reccomendation\": \"This merchant has 5 online subdomains, 0 offline subdomains, and only 3 IPs. This higher than the recommended average for this type of merchant. Sharing IPs across domains is not recommended practice and the merchant is advised to make sure that domains do not share IPs, starting with the domain(s) exhibiting payment properties.\",\n \"pciFail\": false\n },\n \"discoveredHostingProvidersGrade\": {\n \"score\": 0,\n \"key\": \"Hosting providers\",\n \"reccomendation\": \"The scoring engine could not determine sufficient information on used hosting providers, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"isMxWeak\": {\n \"score\": 5,\n \"key\": \"MX record security\",\n \"reccomendation\": \"Whilst this is not strictly speaking a \\\"payment security\\\" indicator, it is important to look at, especially if the domain has leaked email addresses on previous data breaches. In this instance, either we couldn't find an email record confidured (mxrecord) or the merchant might be using a free email address or their email is spoofable. The merchant must urgemtly review their email configuration. We also recommend that the merchant reviews their SPF, DKIM and DMARC setup to avoid phishing attacks.\",\n \"pciFail\": false\n },\n \"containsPulses\": {\n \"score\": 5,\n \"key\": \"Threat Intelligence\",\n \"reccomendation\": \"The engine revels the presence of mentions within the Threat Intelligence records, it is strongly suggested to access the in-depth reporting section to visualize details and act accordingly by engaging with the merchant for a thorough security investigation.\",\n \"pciFail\": true\n }\n }\n },\n \"plugins\": {\n \"magento\": {\n \"isScuccessfullyExecuted\": false,\n \"isMagentoVersion1\": false,\n \"isPotentialMagecart\": false,\n \"domain\": null\n },\n \"wooDiscountPrices\": {\n \"domain\": null,\n \"isScuccessfullyExecuted\": false,\n \"isWooDiscountPricesVulnerable\": false,\n \"isWooCommerce\": false,\n \"isWooDiscountPrices\": false\n },\n \"riskyTechnologies\": {\n \"isScuccessfullyExecuted\": false,\n \"riskyTechnologies\": []\n },\n \"tlsPortsWithoutCertificate\": {\n \"isScuccessfullyExecuted\": true,\n \"missingCertificates\": []\n },\n \"ecommerceWithoutCommonCart\": {\n \"isScuccessfullyExecuted\": true,\n \"isECommerceWithoutCommonCart\": false,\n \"isECommerceWithoutPaymentProperties\": true\n },\n \"ecommerceWithoutProperSaq\": {\n \"isScuccessfullyExecuted\": true,\n \"isCommonCartDiscovered\": false,\n \"saqs\": [\n \"SAQ_A\"\n ],\n \"channels\": [\n \"E_COMMERCE\"\n ],\n \"isWrongSaq\": false\n }\n }\n },\n \"created\": \"2020-09-09T08:58:30.426+00:00\",\n \"updated\": \"2021-02-05T10:24:59.294+00:00\"\n}"}],"_postman_id":"5da96ec1-9d95-4e95-a4a0-23127d507668"},{"name":"assessment","id":"1318ca3b-eb2e-4e81-8ae0-dd37371f2ab3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}","type":"text"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"externalId\" : null,\r\n \"domain\" : \"labondiamonds.com\",\r\n \"host\" : \"\",\r\n \"company\": null,\r\n \"domainsAsBatch\": null,\r\n \"clientEndpoints\": null,\r\n \"type\": \"FILTERED\",\r\n \"frequency\": \"RECURRING\",\r\n \"targetType\" : \"URL\",\r\n \"forceReAssessment\": true,\r\n \"assessment\": {\r\n \"saqs\": null,\r\n \"channels\": [\"E_COMMERCE\"],\r\n \"merchantLevel\": null,\r\n \"plugins\": [\"MAGENTO\",\r\n \"WOO_DISCOUNT_PRICES\",\r\n \"ECOMMERCE_WITHOUT_COMMON_CART\",\r\n \"ECOMMERCE_WITHOUT_PROPER_SAQ\",\r\n \"RISKY_TECHNOLOGIES\",\r\n \"TLSPORTS_WITHOUT_CERTIFICATE\"]\r\n }\r\n}"},"url":"{{url}}/private/assessment/","description":"The methods allows for the creation of an assessment request that will trigger the execution of the security rating tests for a given domain.
\nIf a pre-existing result is found, the system will immediately return the latest report available.
\nIf the request is performed on a domain which is currently being assessed, the status of the execution is provided so that a polling mechanism can be implemented for integration matters.
\nAn error is returned for malformed URLs provided by consumers or in case of any other error concerning the format of the request body.
\n","urlObject":{"path":["private","assessment",""],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"320e6741-4ae2-4cdd-81b2-1dbd16a841b1","name":"assessment","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}","type":"text"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"externalId\" : null,\r\n \"domain\" : \"certs.advantio.com\",\r\n \"host\" : null,\r\n \"domainsAsBatch\": [],\r\n \"clientEndpoints\": null,\r\n \"type\": \"FULL\",\r\n \"frequency\": \"RECURRING\",\r\n \"targetType\" : \"URL\",\r\n \"forceReAssessment\": true,\r\n \"plugins\": [\"MAGENTO\",\r\n \"WOO_DISCOUNT_PRICES\",\r\n \"ECOMMERCE_WITHOUT_COMMON_CART\",\r\n \"ECOMMERCE_WITHOUT_PROPER_SAQ\",\r\n \"RISKY_TECHNOLOGIES\",\r\n \"TLSPORTS_WITHOUT_CERTIFICATE\"],\r\n \"saqs\": null,\r\n \"channels\": [\"E_COMMERCE\"],\r\n \"level\": null\r\n}","options":{"raw":{"language":"json"}}},"url":"{{url}}/private/assessment/"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 05 Feb 2021 13:19:21 GMT"},{"key":"Keep-Alive","value":"timeout=60"},{"key":"Connection","value":"keep-alive"}],"cookie":[],"responseTime":null,"body":"{\n \"domain\": \"http://certs.advantio.com\",\n \"host\": \"certs.advantio.com\",\n \"externalId\": \"d280c2ee48fd443f8ece08488f38e9311599641910426\",\n \"assessmentType\": \"FULL\",\n \"assessmentStatus\": \"PENDING_REFRESH\",\n \"history\": [\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2020-10-26T14:34:59.539+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 630,\n \"certificatesRiskGrade\": 4,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 80,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 59,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 69,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 75,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 37,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": false\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2021-02-02T15:09:49.692+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 610,\n \"certificatesRiskGrade\": 3,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 72,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 72,\n \"ipsCvesAverageCvssScore\": null,\n \"globalTrustScore\": 72,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 71,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 0,\n \"securityHeadersViolations\": 36,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": true\n },\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2021-02-02T16:19:25.653+00:00\",\n \"summarizedFindings\": null,\n \"status\": \"COMPLETED\"\n },\n {\n \"timeStamp\": \"2021-02-05T13:19:20.748+00:00\",\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 445,\n \"certificatesRiskGrade\": 1,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 67,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 64,\n \"ipsCvesAverageCvssScore\": 5.76,\n \"globalTrustScore\": 65,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 72,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 11,\n \"securityHeadersViolations\": 28,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": true\n },\n \"status\": \"COMPLETED\"\n }\n ],\n \"report\": {\n \"businessDetails\": {\n \"spending\": null,\n \"isShoppingCartDiscovered\": null,\n \"trafficRanks\": null,\n \"domainAge\": null,\n \"webPage\": null,\n \"saqs\": [\n \"SAQ_A\"\n ],\n \"channels\": [\n \"E_COMMERCE\"\n ],\n \"merchantLevel\": null,\n \"state\": null,\n \"country\": null,\n \"city\": null,\n \"vertical\": null,\n \"postcode\": null,\n \"companyName\": null\n },\n \"accuracy\": {\n \"evaluatedPortsOnIpsPercentage\": 100,\n \"evaluatedRiskOnIpsPercentage\": 100,\n \"isTechnologyAssessed\": false,\n \"isDataLeaksAssessed\": true,\n \"isMxRecordAssessed\": false,\n \"evaluatedRiskOnSubDomainsPercentage\": 100\n },\n \"surfaceComplexity\": {\n \"onlineSubdomains\": 5,\n \"offlineSubdomains\": null,\n \"excludedSubdomains\": null,\n \"discoveredIps\": 3,\n \"exclusiveIpsPercentage\": 60,\n \"discoveredPortsGrade\": 5,\n \"discoveredHostingProvidersGrade\": null,\n \"discoveredHostingProviders\": null\n },\n \"technologyAssessments\": [],\n \"certificates\": [\n {\n \"domain\": \"go.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"www.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": null,\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"Cloudflare, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a\",\n \"ipv4\": \"199.60.103.254\"\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": [\n \"-TLSv1\",\n \"-SSLv2\",\n \"-SSLv3\",\n \"-TLSv1.1\",\n \"TLSv1.2\",\n \"-TLSv1.3\"\n ],\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"GoDaddy.com, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a+s\",\n \"ipv4\": \"54.154.32.113\"\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"openedPort\": 443,\n \"protocol\": \"tcp\",\n \"versions\": [\n \"-TLSv1\",\n \"-SSLv2\",\n \"-SSLv3\",\n \"-TLSv1.1\",\n \"TLSv1.2\",\n \"TLSv1.3\"\n ],\n \"expired\": false,\n \"certificateRiskGrade\": 1,\n \"issuer\": \"GoDaddy.com, Inc.\",\n \"isIssuerTrusted\": false,\n \"blacklisted\": false,\n \"validPeer\": true,\n \"deprecatedIssuer\": false,\n \"nameMatch\": true,\n \"valid\": true,\n \"isTlsPortWithNoCertificate\": false,\n \"analysisSource\": \"a+s\",\n \"ipv4\": \"188.166.129.254\"\n }\n ],\n \"mxRecord\": {\n \"isDmarcEnabled\": null,\n \"isDmarcEnforced\": null,\n \"isEmailConfigured\": null,\n \"isEmailSpoofable\": null,\n \"isFreeEmail\": null\n },\n \"rootDomainExposure\": {\n \"isDataLeaked\": false,\n \"isBlacklisted\": false,\n \"dataLeaks\": null,\n \"blacklists\": null\n },\n \"domainsSecurity\": {\n \"securityHeaders\": [\n {\n \"domain\": \"go.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"strict-transport-security\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 301,\n \"status\": \"HTTP/1.1 301 Moved Permanently\",\n \"date\": \"Tue, 02 Feb 2021 17:00:00 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": null,\n \"strict-transport-security\": null,\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=d8eba999bb1b8242764011c806ad2e9ad1612285200; expires=Thu, 04-Mar-21 17:00:00 GMT; path=/; domain=.go.advantio.com; HttpOnly; SameSite=Lax __cfruid=99a85f93277acc9e56f7851af672eaf75d376b52-1612285200; path=/; domain=.go.advantio.com; HttpOnly; Secure; SameSite=None\"\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"strict-transport-security\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"expect-ct\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 1\n }\n ],\n \"code\": 403,\n \"status\": \"HTTP/1.1 403 Forbidden\",\n \"date\": \"Tue, 02 Feb 2021 17:00:11 GMT\",\n \"server\": \"nginx\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": \"162\",\n \"vary\": null,\n \"content-type\": \"text/html\",\n \"strict-transport-security\": null,\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": null,\n \"set-cookie\": null\n },\n {\n \"domain\": \"www.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 200,\n \"status\": \"HTTP/1.1 200 OK\",\n \"date\": \"Tue, 02 Feb 2021 17:00:21 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": \"text/html;charset=utf-8\",\n \"strict-transport-security\": \"max-age=3628800\",\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": \"no-referrer-when-downgrade\",\n \"x-frame-options\": null,\n \"content-security-policy\": \"upgrade-insecure-requests\",\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=dcd2b6cfca95c6de7a9aaf12c0545c0a11612285221; expires=Thu, 04-Mar-21 17:00:21 GMT; path=/; domain=.www.advantio.com; HttpOnly; SameSite=Lax __cfruid=fea2f20552b738c32b100175d180c173b40bb98e-1612285221; path=/; domain=.www.advantio.com; HttpOnly; Secure; SameSite=None\"\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"violations\": [\n {\n \"headerName\": \"x-content-type-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"referrer-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-frame-options\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"content-security-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-xss-protection\",\n \"violationReason\": \"Missing security header. This is deprecated by content-security-policy.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"x-permitted-cross-domain-policies\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n },\n {\n \"headerName\": \"feature-policy\",\n \"violationReason\": \"Missing security header.\",\n \"violationGrade\": 3\n }\n ],\n \"code\": 301,\n \"status\": \"HTTP/1.1 301 Moved Permanently\",\n \"date\": \"Tue, 02 Feb 2021 17:00:41 GMT\",\n \"server\": \"cloudflare\",\n \"upgrade\": null,\n \"connection\": \"keep-alive\",\n \"last-modified\": null,\n \"etag\": null,\n \"accept-ranges\": null,\n \"content-length\": null,\n \"vary\": \"Accept-Encoding\",\n \"content-type\": null,\n \"strict-transport-security\": \"max-age=31536000; includeSubDomains\",\n \"x-xss-protection\": null,\n \"x-content-type-options\": null,\n \"referrer-policy\": null,\n \"x-frame-options\": null,\n \"content-security-policy\": null,\n \"x-permitted-cross-domain-policies\": null,\n \"feature-policy\": null,\n \"expect-ct\": \"max-age=604800, report-uri=\\\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\\\"\",\n \"set-cookie\": \"__cfduid=d5b3c76ab9f5bb7f7cafa0063a3ae30771612285241; expires=Thu, 04-Mar-21 17:00:41 GMT; path=/; domain=.mail.advantio.com; HttpOnly; SameSite=Lax __cfruid=fa15a195f3b558ecb34b464dce64c4902fe979db-1612285241; path=/; domain=.mail.advantio.com; HttpOnly; Secure; SameSite=None\"\n }\n ],\n \"securityProperties\": [\n {\n \"domain\": \"go.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": true,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"blue.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"www.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": false,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"trustScore\": 100,\n \"isSuspendedSite\": false,\n \"isMostAbusedTld\": false,\n \"isRobotsNoindex\": false,\n \"isEmptyPageTitle\": false,\n \"isDomainBlacklisted\": false,\n \"isSuspiciousDomain\": false,\n \"isSinkholedDomain\": false,\n \"isRiskyGeoLocation\": false,\n \"isChinaCountry\": false,\n \"isExternalRedirect\": true,\n \"isValidHttps\": true,\n \"isWebsitePopular\": false,\n \"isDomainRecent\": \"no\",\n \"isHeuristicPattern\": false\n }\n ],\n \"normalizedDomainBasedScores\": [\n {\n \"domain\": \"blue.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"mail.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"www.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"go.advantio.com\",\n \"normalizedScore\": 62,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": true\n },\n {\n \"domain\": \"certs.advantio.com\",\n \"normalizedScore\": 89,\n \"certificatesRiskGrade\": 1,\n \"containsCategory3HeadersViolations\": false\n }\n ],\n \"pulses\": null\n },\n \"ipsSecurity\": {\n \"securityAssessments\": [\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": true,\n \"score\": null,\n \"cvss2\": 5.76,\n \"ports\": [\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 2,\n \"normalizedScore\": 55,\n \"ipv4\": \"188.166.129.254\",\n \"cpes\": [\n {\n \"cpe\": \"cpe:/a:nginx:nginx:1.4.6\",\n \"cves\": [\n {\n \"id\": \"CVE-2018-16845\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.\",\n \"cvss2\": 5.8,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 6.1,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2018-11-07T14:29:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2017-7529\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2017-07-13T13:29:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-4450\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-06-07T14:06:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0747\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 5.3,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0746\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.\",\n \"cvss2\": 7.5,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": 9.8,\n \"cvss3Severity\": \"CRITICAL\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-0742\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\",\n \"cvss2\": 5,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 7.5,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-02-15T19:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2014-3616\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct \\\"virtual host confusion\\\" attacks.\",\n \"cvss2\": 4.3,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2014-12-08T11:59:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2014-0133\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.\",\n \"cvss2\": 7.5,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2014-03-28T15:55:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2009-4487\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.\",\n \"cvss2\": 6.8,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": null,\n \"cvss3Severity\": null,\n \"published\": \"2010-01-13T20:30:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2019-20372\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.\",\n \"cvss2\": 4.3,\n \"cvss2Severity\": \"MEDIUM\",\n \"cvss3\": 5.3,\n \"cvss3Severity\": \"MEDIUM\",\n \"published\": \"2020-01-09T21:15:00.000+00:00\"\n },\n {\n \"id\": \"CVE-2016-1247\",\n \"assigner\": \"cve@mitre.org\",\n \"description\": \"The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.\",\n \"cvss2\": 7.2,\n \"cvss2Severity\": \"HIGH\",\n \"cvss3\": 7.8,\n \"cvss3Severity\": \"HIGH\",\n \"published\": \"2016-11-29T17:59:00.000+00:00\"\n }\n ]\n }\n ],\n \"cves\": null\n },\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": false,\n \"score\": null,\n \"cvss2\": null,\n \"ports\": [\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 80,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 2,\n \"normalizedScore\": 85,\n \"ipv4\": \"54.154.32.113\",\n \"cpes\": null,\n \"cves\": null\n },\n {\n \"isFurtherInvestigationSuggested\": null,\n \"hasCves\": false,\n \"score\": null,\n \"cvss2\": null,\n \"ports\": [\n {\n \"openedPort\": 8880,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2052,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2095,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 8080,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 80,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2083,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 8443,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2087,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2082,\n \"protocol\": \"tcp\"\n },\n {\n \"openedPort\": 2086,\n \"protocol\": \"tcp\"\n }\n ],\n \"discoveredPortsGrade\": 5,\n \"normalizedScore\": 52,\n \"ipv4\": \"199.60.103.254\",\n \"cpes\": null,\n \"cves\": null\n }\n ],\n \"pulses\": [\n {\n \"pulses\": [\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"white\",\n \"description\": \"\",\n \"subscriber_count\": 114,\n \"tags\": [\n \"url https\",\n \"url http\",\n \"domain\",\n \"united\",\n \"last analyzed\",\n \"date\",\n \"pm google\",\n \"safe browsing\",\n \"file type\",\n \"html\",\n \"filemagic\",\n \"html document\"\n ],\n \"export_count\": 7,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"16 hours ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"otx: A security alert has been carried out on the Bt.bt.com website, which is a Whitelist Domain, but which has not been identified as a malicious website or malicious web address.\",\n \"Bt.bt.com\",\n \"otx: The full list of names and figures has been released by the Office of National Statistics (ONS) and the Department of Health and Social Security (DPSS) for the next two years..\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ff0f9fff786b3ad24661181\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"Bt.bt.com #telcos around the world implanted 6 years ago\",\n \"created\": \"2021-01-02T22:55:59.960000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-02-02T00:02:18.248000\",\n \"comment_count\": 0,\n \"indicator_count\": 11170,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": 244\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"\",\n \"subscriber_count\": 115,\n \"tags\": [\n \"tls handshake\",\n \"failure\",\n \"windows nt\",\n \"msie\",\n \"wow64\",\n \"slcc2\",\n \"media center\",\n \"united\",\n \"limited\",\n \"owotrus ca\",\n \"meta\",\n \"write\",\n \"unknown\",\n \"path\",\n \"malware\",\n \"error\",\n \"copy\",\n \"facebook\",\n \"date\",\n \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"360.cn\"\n ],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"21 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"A security alert has been issued following a series of attacks on websites, email addresses and other websites in the United States and Canada, which have been linked to a network of malicious software, but which has not yet been identified.\",\n \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"ADVAPI32.dll KERNEL32.dll NTDLL.DLL GDI32.dll USER32.dll COMCTL32.dll VERSION.dll CheckTokenMembership advapi32.dll SeShutdownPrivilege DelNodeRunDLL32 advpack.dll wininit.ini Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\App Paths setupapi.dll setupx.dll AdvancedINF UPDFILE%lu IXP%03d. Technique ID: T1140 ATTACKID Technique Name: Deobfuscate/Decode Files or Information\",\n \"InternalName Wextract FileVersion 6.00.2900.5512 (xpsp.080413-2105) CompanyName Microsoft Corporation ProductName Microsoft® Windows® Operating System ProductVersion 6.00.2900.5512 FileDescription Win32 Cabinet Self-Extractor OriginalFilename WEXTRACT.EXE Screenshot Mutexes Local\\\\c:!users!administrator!appdata!roaming!microsoft!windows!ietldcache! Technique ID: T1553 ATTACKID Technique Name: Subvert Trust Controls\",\n \"Windows 95 or Windows NT is required to install Could not create folder '%s' To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue. Technique ID: T1547 ATTACKID Technique Name: Boot or Logon Autostart Execution\",\n \"Ru LLC 217.69.133.145 top-fwz1.mail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.102 img.imgsmail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.211 limg.imgsmail.ru Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.244 r.mradx.net Russia COUNTRYAS47764 Mail. Ru LLC 217.69.139.58 portal.mail.ru Russia COUNTRYAS47764 Mail.\",\n \"A malicious software packer has been detected in the system by Yara, a security researcher at the University of California, New York.. and it was found to be an unauthorised file.\",\n \"360.cn\",\n \"otx: The latest in a long line of high-profile figures from the world of technology and technology has been released.. and it's been a busy week for the tech-savvy community in Australia.\"\n ],\n \"targeted_countries\": [\n \"Russian Federation\"\n ],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ffcc7e47f5025e4d62a0612\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"3f17f3a8500864d86c5a60831f10bceb289510ae80bb3d0958e5ad8ea1eabc23\",\n \"created\": \"2021-01-11T21:49:24.837000\",\n \"related_indicator_is_active\": 1,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-11T22:41:08.189000\",\n \"comment_count\": 0,\n \"indicator_count\": 10066,\n \"attack_ids\": [\n {\n \"id\": \"T1036\",\n \"name\": \"Masquerading\",\n \"display_name\": \"T1036 - Masquerading\"\n },\n {\n \"id\": \"T1045\",\n \"name\": \"Software Packing\",\n \"display_name\": \"T1045 - Software Packing\"\n },\n {\n \"id\": \"T1053\",\n \"name\": \"Scheduled Task/Job\",\n \"display_name\": \"T1053 - Scheduled Task/Job\"\n },\n {\n \"id\": \"T1060\",\n \"name\": \"Registry Run Keys / Startup Folder\",\n \"display_name\": \"T1060 - Registry Run Keys / Startup Folder\"\n },\n {\n \"id\": \"T1129\",\n \"name\": \"Shared Modules\",\n \"display_name\": \"T1129 - Shared Modules\"\n },\n {\n \"id\": \"T1140\",\n \"name\": \"Deobfuscate/Decode Files or Information\",\n \"display_name\": \"T1140 - Deobfuscate/Decode Files or Information\"\n },\n {\n \"id\": \"T1547\",\n \"name\": \"Boot or Logon Autostart Execution\",\n \"display_name\": \"T1547 - Boot or Logon Autostart Execution\"\n },\n {\n \"id\": \"T1553\",\n \"name\": \"Subvert Trust Controls\",\n \"display_name\": \"T1553 - Subvert Trust Controls\"\n }\n ],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"someone needs to have a good dig around here its messy to say the least\",\n \"subscriber_count\": 115,\n \"tags\": [],\n \"export_count\": 4,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"28 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"www.kent.edu\\t143.204.217.99\\t143.204.217.53\\t52.84.145.120\\t... www-s3-live.kent.edu\\t54.192.66.32\\t13.225.25.36\\t13.225.25.117\\t... msauth.kent.edu\\t131.123.246.126\\t\\t\\t personal.kent.edu\\t131.123.92.17\\t131.123.250.212\\t\\t learn.kent.edu\\t131.123.246.140\\t\\t\\t mappingmay4.kent.edu\\t18.219.93.158\\t52.1.65.170\\t\\t digitalcommons.kent.edu\\t131.123.92.180\\t13.57.92.51\\t50.18.241.247\\t... flashline-qa.kent.edu\\t23.185.0.2\\t23.23.214.160\\t\\t flash-at-work.kent.edu\\t131.123.246.79\\t131.123.246.51\\t\\t flashline.kent.edu\\t23.185.0.2\\t23.23.214.160\\t5\",\n \"https://www.virustotal.com/gui/domain/pan-vpn-dev-priv.netdev.kent.edu/relations\",\n \"A look back at some of the most eye-catching stories from the past 12 months, as well as those from this year's BBC World News: www.kent.gov.com.\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fccdea3ce4e0d3dd9aedf5b\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"kent.edu -siblings list from vt - all known associated ioc's - vpn compromised\",\n \"created\": \"2020-12-06T13:37:39.650000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-05T00:00:11.429000\",\n \"comment_count\": 0,\n \"indicator_count\": 1782,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": 129\n },\n \"pulse_source\": \"web\",\n \"TLP\": \"green\",\n \"description\": \"\",\n \"subscriber_count\": 114,\n \"tags\": [\n \"geoip\",\n \"as16509\",\n \"amazon02\",\n \"seattle\",\n \"apache geoip\",\n \"ashburn\",\n \"as20940\",\n \"akamaiasn1\",\n \"as21409\",\n \"ikoula\",\n \"apache\",\n \"main\",\n \"cname\",\n \"mid701725\",\n \"rid604107\",\n \"s1588\",\n \"elqaid701725\",\n \"elqat1\",\n \"name servers\",\n \"status\",\n \"moved\",\n \"search\",\n \"date\",\n \"ip address\",\n \"united\",\n \"last analyzed\",\n \"am google\",\n \"safe browsing\",\n \"file type\",\n \"html\",\n \"filemagic\"\n ],\n \"export_count\": 3,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"28 days ago \",\n \"is_subscribing\": null,\n \"references\": [\n \"otx: A malicious web address has been detected on Google's search engine, but it is not believed to be malicious, according to a report published in the New York Times on Tuesday.. and the BBC\",\n \"otx: The following is the full text of this article, which contains the words \\\"hobbit\\\" and \\\"dave\\\", as part of its search for the most common domain name on the internet.\",\n \"otx: This is the full text of the text below:.en25.sc.com, the website used by BBC Newsnight, BBC Radio 4 and BBC iPlayer, for the first time.\",\n \"otx: ere are the key snippets from the latest in a series of posts on Facebook, Twitter and other social media.. and the BBC News website. the first of its kind. (as well as its own).\"\n ],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": true,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5ff31e66f24503fbdb3e8a5e\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"numberg\",\n \"created\": \"2021-01-04T13:55:50.985000\",\n \"related_indicator_is_active\": 1,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2021-01-04T23:22:05.558000\",\n \"comment_count\": 0,\n \"indicator_count\": 3171,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"dorkingbeauty1\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx20-web-media.s3.amazonaws.com/media/avatars/user_80137/resized/80/avatar_54d0ee2979.png\",\n \"is_following\": false,\n \"id\": \"80137\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 1,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"53 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc9f095d6e49586833bd3e9\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201204-0917\",\n \"created\": \"2020-12-04T08:17:25.980000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-11T00:03:12.661000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 190,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"54 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc8a76368df12a5ebe5fc82\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201203-0952\",\n \"created\": \"2020-12-03T08:52:51.127000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-10T00:01:45.464000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 5,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc4cb4fcb407ed3265e78c7\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201130-1136\",\n \"created\": \"2020-11-30T10:37:03.167000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T08:08:38.161000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 187,\n \"tags\": [],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc437554343be79c4bbef82\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201130-0105\",\n \"created\": \"2020-11-30T00:05:41.941000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T08:08:00.959000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 187,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc756daa8c407813fe9f211\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201202-0956\",\n \"created\": \"2020-12-02T08:56:58.529000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T00:00:39.159000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 188,\n \"tags\": [],\n \"export_count\": 0,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"55 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc75757f85db10a476e7f58\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201202-0956\",\n \"created\": \"2020-12-02T08:59:03.963000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-09T00:00:39.159000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n },\n {\n \"indicator_type_counts\": {\n \"IPv4\": null\n },\n \"pulse_source\": \"api\",\n \"TLP\": \"white\",\n \"description\": \"Data from https://phishstats.info/phish_score.csv\",\n \"subscriber_count\": 189,\n \"tags\": [],\n \"export_count\": 2,\n \"malware_families\": [],\n \"is_modified\": true,\n \"upvotes_count\": 0,\n \"modified_text\": \"56 days ago \",\n \"is_subscribing\": null,\n \"references\": [],\n \"targeted_countries\": [],\n \"groups\": [],\n \"vote\": 0,\n \"validator_count\": 0,\n \"threat_hunter_scannable\": false,\n \"is_author\": false,\n \"adversary\": \"\",\n \"id\": \"5fc66ead2076a6ed9dfc4767\",\n \"industries\": [],\n \"locked\": false,\n \"name\": \"phishstats-1-20201201-1725\",\n \"created\": \"2020-12-01T16:26:21.693000\",\n \"related_indicator_is_active\": 0,\n \"threat_hunter_has_agents\": 1,\n \"cloned_from\": null,\n \"downvotes_count\": 0,\n \"modified\": \"2020-12-08T00:03:15.043000\",\n \"comment_count\": 0,\n \"indicator_count\": 0,\n \"attack_ids\": [],\n \"in_group\": false,\n \"follower_count\": 0,\n \"votes_count\": 0,\n \"author\": {\n \"username\": \"ZENDataGE\",\n \"is_subscribed\": false,\n \"avatar_url\": \"https://otx.alienvault.com/assets/images/default-avatar.png\",\n \"is_following\": false,\n \"id\": \"94417\"\n },\n \"related_indicator_type\": \"IPv4\",\n \"public\": 1\n }\n ],\n \"historical\": [],\n \"ipv4\": \"199.60.103.254\"\n }\n ]\n },\n \"summarizedFindings\": {\n \"spending\": null,\n \"totalCost\": 445,\n \"certificatesRiskGrade\": 1,\n \"certificatesRiskGradeCompletenessPercentage\": 100,\n \"domainsGlobalTrustScore\": 67,\n \"domainsGlobalTrustScoreCompletenessPercentage\": 100,\n \"ipsGlobalSecurityScore\": 64,\n \"ipsCvesAverageCvssScore\": 5.76,\n \"globalTrustScore\": 65,\n \"globalTrustScoreCompletenessPercentage\": 100,\n \"paymentPropertiesTrustScore\": null,\n \"globalOverlayedTrustScore\": 72,\n \"paymentPropertiesOverlayedTrustScore\": null,\n \"ipsCvesTotalNumber\": 11,\n \"securityHeadersViolations\": 28,\n \"isNonPopularCmsFound\": false,\n \"isPulsesAvailable\": true\n },\n \"reccomendations\": {\n \"paymentDomains\": null,\n \"scoresAndReccomendations\": {\n \"coverage\": {\n \"score\": 1,\n \"key\": \"Attack surface coverage\",\n \"reccomendation\": \"A high coverage score gives an indication that the scoring engine was able to assess all assets that were discovered being part of the attack surface. This gives a high level of confidence in terms of the accuracy of the automated assessment on the discovered properties.\",\n \"pciFail\": false\n },\n \"certificateRiskGrade\": {\n \"score\": 1,\n \"key\": \"Public certificates security\",\n \"reccomendation\": \"The merchant has implemented later versions than TLS 1.1, which is most secure and they should continue in the practice of implementing the latest versions.\",\n \"pciFail\": false\n },\n \"discoveredPortsGrade\": {\n \"score\": 5,\n \"key\": \"Visible services security\",\n \"reccomendation\": \"The scoring engine reveals the presence of ports commonly recognized as insecure and violating the PCI DSS standard. This can result in immediate risks to data confidentiality and it is suggested that the merchants evaluate its public posture with the support of technical security staff.\",\n \"pciFail\": true\n },\n \"gts\": {\n \"score\": 2,\n \"key\": \"ZeroRisk Trust Score\",\n \"reccomendation\": \"The merchant presents a low risk, and the engine derives a level of apparent trust. However, the merchant might require ad-hoc investigation depending on specific criteria and industry expectations. They should continue using the best practices they have demonstrated, but please see Recommendations section for further insights.\",\n \"pciFail\": false\n },\n \"nonPopularCmsFound\": {\n \"score\": 0,\n \"key\": \"CMSs assessment\",\n \"reccomendation\": \"The scoring engine could not determine sufficient information on potentially used CMS systems, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"shoppingCartNotFound\": {\n \"score\": 0,\n \"key\": \"Shopping Cart detection\",\n \"reccomendation\": \"The scoring engine could not determine information on potential shopping carts being used, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"completeness\": {\n \"score\": 1,\n \"key\": \"Completeness of test cases\",\n \"reccomendation\": \"The high completeness score gives an indication that the scoring engine was able to assess a high percentage of the merchant properties, giving a high level of confidence that most of the merchant surface was analysed.\",\n \"pciFail\": false\n },\n \"containsCategory3HeadersViolations\": {\n \"score\": 5,\n \"key\": \"Web Headers security\",\n \"reccomendation\": \"The engine reveals that severe defficiencies were revealed on security headers, indicating the potential presence of PCI DSS violations and security threats. The merchant must urgently perform a vulnerability assessment on all domains.\",\n \"pciFail\": true\n },\n \"pts\": {\n \"score\": 0,\n \"key\": \"Payment Score\",\n \"reccomendation\": \"The scoring engine could not determine this parameter, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"deltagtspts\": {\n \"score\": 0,\n \"key\": \"Trust Score Overlay\",\n \"reccomendation\": \"The scoring engine could not determine this parameter, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"isRootDomainExposed\": {\n \"score\": 1,\n \"key\": \"Data leaks and blacklisting\",\n \"reccomendation\": \"The engine shows that a low or minimal number or no email addresses were found leaked on previous data breaches and that the merchant is not publicly reported as balcklisted. We recommend the merchant remains vigilant.\",\n \"pciFail\": false\n },\n \"spending\": {\n \"score\": 0,\n \"key\": \"Monthly spending in IT\",\n \"reccomendation\": \"The scoring engine could not determine information about spending parameters, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"onlineSubdomains\": {\n \"score\": 1,\n \"key\": \"Online domains\",\n \"reccomendation\": \"This merchant shows that they have appropriately configured their domains and should continue doing this.\",\n \"pciFail\": false\n },\n \"exclusiveIpsPercentage\": {\n \"score\": 3,\n \"key\": \"Sharing of IP Addresses\",\n \"reccomendation\": \"This merchant has 5 online subdomains, 0 offline subdomains, and only 3 IPs. This higher than the recommended average for this type of merchant. Sharing IPs across domains is not recommended practice and the merchant is advised to make sure that domains do not share IPs, starting with the domain(s) exhibiting payment properties.\",\n \"pciFail\": false\n },\n \"discoveredHostingProvidersGrade\": {\n \"score\": 0,\n \"key\": \"Hosting providers\",\n \"reccomendation\": \"The scoring engine could not determine sufficient information on used hosting providers, score and reccomendations are not available.\",\n \"pciFail\": false\n },\n \"isMxWeak\": {\n \"score\": 5,\n \"key\": \"MX record security\",\n \"reccomendation\": \"Whilst this is not strictly speaking a \\\"payment security\\\" indicator, it is important to look at, especially if the domain has leaked email addresses on previous data breaches. In this instance, either we couldn't find an email record confidured (mxrecord) or the merchant might be using a free email address or their email is spoofable. The merchant must urgemtly review their email configuration. We also recommend that the merchant reviews their SPF, DKIM and DMARC setup to avoid phishing attacks.\",\n \"pciFail\": false\n },\n \"containsPulses\": {\n \"score\": 5,\n \"key\": \"Threat Intelligence\",\n \"reccomendation\": \"The engine revels the presence of mentions within the Threat Intelligence records, it is strongly suggested to access the in-depth reporting section to visualize details and act accordingly by engaging with the merchant for a thorough security investigation.\",\n \"pciFail\": true\n }\n }\n },\n \"plugins\": {\n \"magento\": {\n \"isScuccessfullyExecuted\": false,\n \"isMagentoVersion1\": false,\n \"isPotentialMagecart\": false,\n \"domain\": null\n },\n \"wooDiscountPrices\": {\n \"domain\": null,\n \"isScuccessfullyExecuted\": false,\n \"isWooDiscountPricesVulnerable\": false,\n \"isWooCommerce\": false,\n \"isWooDiscountPrices\": false\n },\n \"riskyTechnologies\": {\n \"isScuccessfullyExecuted\": false,\n \"riskyTechnologies\": []\n },\n \"tlsPortsWithoutCertificate\": {\n \"isScuccessfullyExecuted\": true,\n \"missingCertificates\": []\n },\n \"ecommerceWithoutCommonCart\": {\n \"isScuccessfullyExecuted\": true,\n \"isECommerceWithoutCommonCart\": false,\n \"isECommerceWithoutPaymentProperties\": true\n },\n \"ecommerceWithoutProperSaq\": {\n \"isScuccessfullyExecuted\": true,\n \"isCommonCartDiscovered\": false,\n \"saqs\": [\n \"SAQ_A\"\n ],\n \"channels\": [\n \"E_COMMERCE\"\n ],\n \"isWrongSaq\": false\n }\n }\n },\n \"created\": \"2020-09-09T08:58:30.426+00:00\",\n \"updated\": \"2021-02-05T13:19:20.748+00:00\"\n}"},{"id":"6f2afc1a-121d-4b88-bd43-e7e65658fa74","name":"assessment","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}","type":"text"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"externalId\" : null,\r\n \"domain\" : \"wrong.advantio.com\",\r\n \"host\" : null,\r\n \"domainsAsBatch\": [],\r\n \"clientEndpoints\": null,\r\n \"type\": \"FULL\",\r\n \"frequency\": \"RECURRING\",\r\n \"targetType\" : \"URL\",\r\n \"forceReAssessment\": true,\r\n \"plugins\": [\"MAGENTO\",\r\n \"WOO_DISCOUNT_PRICES\",\r\n \"ECOMMERCE_WITHOUT_COMMON_CART\",\r\n \"ECOMMERCE_WITHOUT_PROPER_SAQ\",\r\n \"RISKY_TECHNOLOGIES\",\r\n \"TLSPORTS_WITHOUT_CERTIFICATE\"],\r\n \"saqs\": null,\r\n \"channels\": [\"E_COMMERCE\"],\r\n \"level\": null\r\n}"},"url":"{{url}}/private/assessment/"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 05 Feb 2021 13:19:57 GMT"},{"key":"Connection","value":"close"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"BAD_REQUEST\",\n \"timestamp\": \"05-02-2021 01:19:57\",\n \"message\": \"Domain url is not valid: wrong.advantio.com\",\n \"debugMessage\": null,\n \"subErrors\": null\n}"}],"_postman_id":"1318ca3b-eb2e-4e81-8ae0-dd37371f2ab3"}],"id":"f895c719-83a7-4050-9b1a-cd4ec11b4e9c","_postman_id":"f895c719-83a7-4050-9b1a-cd4ec11b4e9c","description":""},{"name":"cves","item":[{"name":"Top 20 CVEs","id":"ec048750-78da-4b76-82a3-13cf1b4f8a7a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"url":"{{url}}/private/cves","description":"This method returns the list of the most recent 20 CVEs as added to the public NIST database.
\n","urlObject":{"path":["private","cves"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"03f9b593-4e00-4c70-96ea-8e64a6c10154","name":"Top 20 CVEs","originalRequest":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"url":"{{url}}/private/cves"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Date","value":"Wed, 28 Sep 2022 08:01:19 GMT"},{"key":"X-Cache","value":"Miss from cloudfront"},{"key":"Via","value":"1.1 fbbaf051f1b6e237fbee09c998e075cc.cloudfront.net (CloudFront)"},{"key":"X-Amz-Cf-Pop","value":"MXP64-P1"},{"key":"Alt-Svc","value":"h3=\":443\"; ma=86400"},{"key":"X-Amz-Cf-Id","value":"GaIp2Ieo27X9kFw6W6KIE8uJ2Hnf4AH3Ug24WcJopQXs5MZe0RZjWQ=="}],"cookie":[],"responseTime":null,"body":"[\n {\n \"id\": \"CVE-2022-39835\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39835\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://dev.gajim.org/gajim/gajim/-/tags\",\n \"name\": \"https://dev.gajim.org/gajim/gajim/-/tags\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog\",\n \"name\": \"https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-27T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T06:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-3332\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-3332\",\n \"ASSIGNER\": \"cna@vuldb.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n },\n {\n \"lang\": \"en\",\n \"value\": \"CWE-74\"\n },\n {\n \"lang\": \"en\",\n \"value\": \"CWE-707\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/vuls/vuls/blob/main/Food%20Ordering%20Management%20System%20router.php%20SQL%20Injection.pdf\",\n \"name\": \"https://github.com/vuls/vuls/blob/main/Food%20Ordering%20Management%20System%20router.php%20SQL%20Injection.pdf\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"https://vuldb.com/?id.209583\",\n \"name\": \"https://vuldb.com/?id.209583\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T05:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T05:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-3333\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-3333\",\n \"ASSIGNER\": \"cna@vuldb.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-79\"\n },\n {\n \"lang\": \"en\",\n \"value\": \"CWE-74\"\n },\n {\n \"lang\": \"en\",\n \"value\": \"CWE-707\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://vuldb.com/?id.209370\",\n \"name\": \"https://vuldb.com/?id.209370\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed\",\n \"name\": \"https://wpscan.com/vulnerability/bfd8a7aa-5977-4fe5-b2fc-12bf93caf3ed\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T05:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T05:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-38699\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-38699\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\n \"attackVector\": \"PHYSICAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 5.9,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 0.7,\n \"impactScore\": 5.2\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39030\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39030\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6567-01fa3-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6567-01fa3-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39053\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39053\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6523-d4c60-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6523-d4c60-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39034\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39034\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6571-fc930-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6571-fc930-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39033\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39033\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6570-9c632-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6570-9c632-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 9.8,\n \"baseSeverity\": \"CRITICAL\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39032\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39032\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6569-9fcf4-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6569-9fcf4-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 8.8,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39031\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39031\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6568-331c1-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6568-331c1-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"LOW\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5.3,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 1.4\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39029\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39029\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6566-3805b-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6566-3805b-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39054\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39054\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6524-74530-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6524-74530-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"CHANGED\",\n \"confidentialityImpact\": \"LOW\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.1,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 2.7\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-45943\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-45943\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-787\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/OSGeo/gdal/pull/4944\",\n \"name\": \"https://github.com/OSGeo/gdal/pull/4944\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml\",\n \"name\": \"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993\",\n \"name\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Issue Tracking\",\n \"Mailing List\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e\",\n \"name\": \"https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html\",\n \"name\": \"[debian-lts-announce] 20220112 [SECURITY] [DLA 2877-1] gdal security update\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/\",\n \"name\": \"FEDORA-2022-e85e37206b\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/\",\n \"name\": \"FEDORA-2022-cffca5dbf4\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\",\n \"name\": \"N/A\",\n \"refsource\": \"N/A\",\n \"tags\": []\n },\n {\n \"url\": \"https://www.debian.org/security/2022/dsa-5239\",\n \"name\": \"DSA-5239\",\n \"refsource\": \"DEBIAN\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"3.3.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"3.4.0\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 5.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 4.3\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2022-01-01T01:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-39035\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-39035\",\n \"ASSIGNER\": \"cve@cert.org.tw\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.twcert.org.tw/tw/cp-132-6572-5c2c8-1.html\",\n \"name\": \"https://www.twcert.org.tw/tw/cp-132-6572-5c2c8-1.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"CHANGED\",\n \"confidentialityImpact\": \"LOW\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.1,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 2.7\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T04:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-40497\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-40497\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/wazuh/wazuh/pull/14801\",\n \"name\": \"https://github.com/wazuh/wazuh/pull/14801\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-28T00:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-28T00:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-34326\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-34326\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.realtek.com/en\",\n \"name\": \"https://www.realtek.com/en\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/\",\n \"name\": \"https://www.amebaiot.com/en/security_bulletin/cve-2022-34326/\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-Fi connection failures for the Soft AP mode.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-27T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-27T23:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-40816\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-40816\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://zammad.com/de/advisories/zaa-2022-09\",\n \"name\": \"https://zammad.com/de/advisories/zaa-2022-09\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-27T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-27T23:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-40353\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-40353\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/songbingxue/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md\",\n \"name\": \"https://github.com/songbingxue/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-27T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-27T23:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-35957\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-35957\",\n \"ASSIGNER\": \"security-advisories@github.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-290\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q\",\n \"name\": \"https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H/\",\n \"name\": \"FEDORA-2022-2eb4418018\",\n \"refsource\": \"FEDORA\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"9.1.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"9.1.6\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"9.0.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"9.0.9\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"8.5.13\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"HIGH\",\n \"privilegesRequired\": \"HIGH\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 6.6,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 0.7,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-20T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-27T23:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-40877\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-40877\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": []\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.exploit-db.com/exploits/50725\",\n \"name\": \"https://www.exploit-db.com/exploits/50725\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {\n \"baseMetricV3\": null,\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-27T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-27T23:15:00.000+00:00\"\n }\n }\n]"}],"_postman_id":"ec048750-78da-4b76-82a3-13cf1b4f8a7a"},{"name":"Top 20 CVEs by Keyword","id":"764a3126-e6d9-4fd5-8b39-a1b5d5688f29","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"keywords\": [\n \"microsoft\",\n \"nginx\"\n ] \n}"},"url":"{{url}}/private/cves","description":"This method returns the list of the most recent 20 CVEs as added to the public NIST database.
\nSpecifically, this method allows the inclusion of up to 5 keywords to use for filtering purposes. Only the top 20 CVEs matching the filters will be returned.
\nThe keywords are used to emulate the \"OR\" operator so that they will used for the independent filters.
\n","urlObject":{"path":["private","cves"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"907ec02a-65c5-4dbe-840c-773352233ab0","name":"Top 20 CVEs by Keyword","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"keywords\": [\n \"microsoft\",\n \"nginx\"\n ] \n}"},"url":"{{url}}/private/cves"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Date","value":"Wed, 28 Sep 2022 08:01:39 GMT"},{"key":"X-Cache","value":"Miss from cloudfront"},{"key":"Via","value":"1.1 fbbaf051f1b6e237fbee09c998e075cc.cloudfront.net (CloudFront)"},{"key":"X-Amz-Cf-Pop","value":"MXP64-P1"},{"key":"Alt-Svc","value":"h3=\":443\"; ma=86400"},{"key":"X-Amz-Cf-Id","value":"Vfi2npUy9V_dJ8B9Ohfsc-VVxClrObZZkNnY5ayTgoNix3of9E-paw=="}],"cookie":[],"responseTime":null,"body":"[\n {\n \"id\": \"CVE-2021-23017\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-23017\",\n \"ASSIGNER\": \"f5sirt@f5.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-193\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html\",\n \"name\": \"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Mailing List\",\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.f5.com/csp/article/K12331123,\",\n \"name\": \"https://support.f5.com/csp/article/K12331123,\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Broken Link\"\n ]\n },\n {\n \"url\": \"https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E\",\n \"name\": \"[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E\",\n \"name\": \"[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \\\"Apache APISIX not affected by NGINX CVE-2021-23017\\\"\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E\",\n \"name\": \"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \\\"Apache APISIX not affected by NGINX CVE-2021-23017\\\"\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E\",\n \"name\": \"[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \\\"Apache APISIX not affected by NGINX CVE-2021-23017\\\" (#362)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E\",\n \"name\": \"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \\\"Apache APISIX not affected by NGINX CVE-2021-23017\\\"\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/\",\n \"name\": \"FEDORA-2021-393d698493\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/\",\n \"name\": \"FEDORA-2021-b37cffac0d\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20210708-0006/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20210708-0006/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\",\n \"name\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\",\n \"name\": \"https://www.oracle.com/security-alerts/cpujan2022.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\",\n \"name\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html\",\n \"name\": \"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"0.6.18\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.20.1\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.19.3.2\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"3.4\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"4.4\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"21.4.0.0.0\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"21.1.2\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"HIGH\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"LOW\",\n \"baseScore\": 7.7,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.2,\n \"impactScore\": 5.5\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 6.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 6.4,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-06-01T13:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-14T15:49:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-27008\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-27008\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-120\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/nginx/njs/issues/471\",\n \"name\": \"https://github.com/nginx/njs/issues/471\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Issue Tracking\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716\",\n \"name\": \"https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20220519-0008/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20220519-0008/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:njs:0.7.2:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-04-14T15:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-09T16:53:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-27007\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-27007\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-416\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53\",\n \"name\": \"https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/nginx/njs/issues/469\",\n \"name\": \"https://github.com/nginx/njs/issues/469\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Issue Tracking\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20220519-0008/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20220519-0008/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:njs:0.7.2:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 9.8,\n \"baseSeverity\": \"CRITICAL\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 7.5\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 6.4,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-04-14T15:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-09T16:53:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-29062\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-29062\",\n \"ASSIGNER\": \"psirt@fortinet.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-22\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://fortiguard.com/psirt/FG-IR-22-154\",\n \"name\": \"https://fortiguard.com/psirt/FG-IR-22-154\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"7.0.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"7.0.3\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-09-06T18:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-09-09T02:54:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-29509\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-29509\",\n \"ASSIGNER\": \"security-advisories@github.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-400\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://rubygems.org/gems/puma\",\n \"name\": \"https://rubygems.org/gems/puma\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Product\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/puma/puma/security/policy\",\n \"name\": \"https://github.com/puma/puma/security/policy\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5\",\n \"name\": \"https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837\",\n \"name\": \"https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/202208-28\",\n \"name\": \"GLSA-202208-28\",\n \"refsource\": \"GENTOO\",\n \"tags\": []\n },\n {\n \"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\",\n \"name\": \"[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update\",\n \"refsource\": \"MLIST\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\n \"versionStartIncluding\": \"5.0.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"5.3.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"4.3.8\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-05-11T17:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-08-27T21:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-35925\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-35925\",\n \"ASSIGNER\": \"security-advisories@github.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-287\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f\",\n \"name\": \"https://www.github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5rjw\",\n \"name\": \"https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5rjw\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/\",\n \"name\": \"https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"0.4.5\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 9.8,\n \"baseSeverity\": \"CRITICAL\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-08-02T21:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-08-08T19:52:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-40150\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-40150\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-552\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt\",\n \"name\": \"https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"3.0.0.716\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": null\n },\n \"publishedDate\": \"2022-07-17T23:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-07-22T13:26:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-25746\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-25746\",\n \"ASSIGNER\": \"security@kubernetes.io\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-20\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ\",\n \"name\": \"https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Issue Tracking\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/kubernetes/ingress-nginx/issues/8503\",\n \"name\": \"https://github.com/kubernetes/ingress-nginx/issues/8503\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Issue Tracking\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20220609-0006/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20220609-0006/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.2.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 4.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5.5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-05-06T01:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-06-09T19:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-25745\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-25745\",\n \"ASSIGNER\": \"security@kubernetes.io\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-20\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://github.com/kubernetes/ingress-nginx/issues/8502\",\n \"name\": \"https://github.com/kubernetes/ingress-nginx/issues/8502\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Issue Tracking\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc\",\n \"name\": \"https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Issue Tracking\",\n \"Mailing List\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20220609-0006/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20220609-0006/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.2.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 8.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 5.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5.5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-05-06T01:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-06-09T19:15:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2022-29588\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-29588\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-522\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html\",\n \"name\": \"http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://sec-consult.com/vulnerability-lab/\",\n \"name\": \"https://sec-consult.com/vulnerability-lab/\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_226i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_226i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_227_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_227:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_246i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_246i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_287_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_287:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_306i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_306i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_308_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_308:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_308e_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_308e:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_367_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_367:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_368_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_368:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_368e_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_368e:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_4052_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_4052:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_458_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_458:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_458e_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_458e:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_4752_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_4752:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_558_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_558:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_558e_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_558e:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_658e_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_658e:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_758_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_758:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_808_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_808:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_958_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_958:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c227_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c227:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c250i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c250i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c258_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c258:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c287_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c287:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c300i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c300i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c308_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c308:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3300i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3300i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3320i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3320i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3350i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3350i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3351_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3351:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c360i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c360i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c368_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c368:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3851_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3851:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c3851fs_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c3851fs:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c4000i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c4000i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c4050i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c4050i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c450i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c450i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c458_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c458:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c550i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c550i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c558_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c558:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c650i_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c650i:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c658_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c658:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c659_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c659:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_c759_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_c759:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:konicaminolta:bizhub_pro958_firmware:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2022-04-14\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:konicaminolta:bizhub_pro958:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-05-16T06:15:00.000+00:00\",\n \"lastModifiedDate\": \"2022-05-30T00:19:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2018-16844\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2018-16844\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-400\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\",\n \"name\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Mailing List\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://usn.ubuntu.com/3812-1/\",\n \"name\": \"USN-3812-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1042038\",\n \"name\": \"1042038\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://www.debian.org/security/2018/dsa-4335\",\n \"name\": \"DSA-4335\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/105868\",\n \"name\": \"105868\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3681\",\n \"name\": \"RHSA-2018:3681\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3680\",\n \"name\": \"RHSA-2018:3680\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\n \"name\": \"openSUSE-SU-2019:2120\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.9.5\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.14.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.15.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.15.6\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"COMPLETE\",\n \"baseScore\": 7.8\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 6.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2018-11-07T14:29:00.000+00:00\",\n \"lastModifiedDate\": \"2022-02-22T19:27:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2018-16843\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2018-16843\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-400\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16843\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\",\n \"name\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Mailing List\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://usn.ubuntu.com/3812-1/\",\n \"name\": \"USN-3812-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1042038\",\n \"name\": \"1042038\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://www.debian.org/security/2018/dsa-4335\",\n \"name\": \"DSA-4335\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/105868\",\n \"name\": \"105868\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3653\",\n \"name\": \"RHSA-2018:3653\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3681\",\n \"name\": \"RHSA-2018:3681\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3680\",\n \"name\": \"RHSA-2018:3680\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\n \"name\": \"openSUSE-SU-2019:2120\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": \"1.9.5\",\n \"versionEndExcluding\": \"1.14.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": \"1.15.0\",\n \"versionEndExcluding\": \"1.15.6\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"COMPLETE\",\n \"baseScore\": 7.8\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 6.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2018-11-07T14:29:00.000+00:00\",\n \"lastModifiedDate\": \"2022-02-22T19:27:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2018-16845\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2018-16845\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-400\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html\",\n \"name\": \"http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Mailing List\",\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://usn.ubuntu.com/3812-1/\",\n \"name\": \"USN-3812-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1042039\",\n \"name\": \"1042039\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://www.debian.org/security/2018/dsa-4335\",\n \"name\": \"DSA-4335\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html\",\n \"name\": \"[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/105868\",\n \"name\": \"105868\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3653\",\n \"name\": \"RHSA-2018:3653\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3652\",\n \"name\": \"RHSA-2018:3652\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3681\",\n \"name\": \"RHSA-2018:3681\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2018:3680\",\n \"name\": \"RHSA-2018:3680\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\n \"name\": \"openSUSE-SU-2019:2120\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.0.7\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.0.15\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.1.3\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.15.5\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"LOW\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 6.1,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 4.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2018-11-07T14:29:00.000+00:00\",\n \"lastModifiedDate\": \"2022-02-22T19:27:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2017-7529\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2017-7529\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-190\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\",\n \"name\": \"[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/99534\",\n \"name\": \"99534\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1039238\",\n \"name\": \"1039238\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://puppet.com/security/cve/cve-2017-7529\",\n \"name\": \"https://puppet.com/security/cve/cve-2017-7529\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2017:2538\",\n \"name\": \"RHSA-2017:2538\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"0.5.6\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.12.1\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.13.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.13.2\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"2017.1.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"2017.1.1\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"2017.2.1\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"2017.2.3\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"2016.4.7\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": null,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2017-07-13T13:29:00.000+00:00\",\n \"lastModifiedDate\": \"2022-01-24T16:46:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2016-0747\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-0747\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-400\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html\",\n \"name\": \"openSUSE-SU-2016:0371\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302589\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302589\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.ubuntu.com/usn/USN-2892-1\",\n \"name\": \"USN-2892-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html\",\n \"name\": \"[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.debian.org/security/2016/dsa-3473\",\n \"name\": \"DSA-3473\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"name\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1034869\",\n \"name\": \"1034869\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/201606-06\",\n \"name\": \"GLSA-201606-06\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2016:1425\",\n \"name\": \"RHSA-2016:1425\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"0.6.18\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.8.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.9.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.9.10\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"LOW\",\n \"baseScore\": 5.3,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 1.4\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": null,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": null\n }\n },\n \"publishedDate\": \"2016-02-15T19:59:00.000+00:00\",\n \"lastModifiedDate\": \"2021-12-16T18:43:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2016-0746\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-0746\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-416\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html\",\n \"name\": \"openSUSE-SU-2016:0371\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302588\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302588\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.ubuntu.com/usn/USN-2892-1\",\n \"name\": \"USN-2892-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html\",\n \"name\": \"[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.debian.org/security/2016/dsa-3473\",\n \"name\": \"DSA-3473\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"name\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1034869\",\n \"name\": \"1034869\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/201606-06\",\n \"name\": \"GLSA-201606-06\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2016:1425\",\n \"name\": \"RHSA-2016:1425\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"0.6.18\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.8.0\"\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.9.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.9.10\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 9.8,\n \"baseSeverity\": \"CRITICAL\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 7.5\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 6.4,\n \"acInsufInfo\": null,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2016-02-15T19:59:00.000+00:00\",\n \"lastModifiedDate\": \"2021-12-16T18:43:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2016-0742\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-0742\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-476\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html\",\n \"name\": \"openSUSE-SU-2016:0371\",\n \"refsource\": \"SUSE\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.ubuntu.com/usn/USN-2892-1\",\n \"name\": \"USN-2892-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302587\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1302587\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Issue Tracking\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html\",\n \"name\": \"[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.debian.org/security/2016/dsa-3473\",\n \"name\": \"DSA-3473\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"name\": \"https://bto.bluecoat.com/security-advisory/sa115\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1034869\",\n \"name\": \"1034869\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/201606-06\",\n \"name\": \"GLSA-201606-06\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2016:1425\",\n \"name\": \"RHSA-2016:1425\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT212818\",\n \"name\": \"https://support.apple.com/kb/HT212818\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/36\",\n \"name\": \"20210921 APPLE-SA-2021-09-20-4 Xcode 13\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"0.6.18\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.8.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.9.0\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.9.10\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"13.0\",\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": null,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": null\n }\n },\n \"publishedDate\": \"2016-02-15T19:59:00.000+00:00\",\n \"lastModifiedDate\": \"2021-12-15T17:13:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2021-25742\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-25742\",\n \"ASSIGNER\": \"security@kubernetes.io\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"NVD-CWE-noinfo\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY\",\n \"name\": \"N/A\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/kubernetes/ingress-nginx/issues/7837\",\n \"name\": \"N/A\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Exploit\",\n \"Issue Tracking\",\n \"Mitigation\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.netapp.com/advisory/ntap-20211203-0001/\",\n \"name\": \"https://security.netapp.com/advisory/ntap-20211203-0001/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"0.49.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 4.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 5.5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-10-29T04:15:00.000+00:00\",\n \"lastModifiedDate\": \"2021-12-15T14:06:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2016-1247\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-1247\",\n \"ASSIGNER\": \"security@debian.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-59\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://www.debian.org/security/2016/dsa-3701\",\n \"name\": \"DSA-3701\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html\",\n \"name\": \"https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/93903\",\n \"name\": \"93903\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://www.ubuntu.com/usn/USN-3114-1\",\n \"name\": \"USN-3114-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://www.exploit-db.com/exploits/40768/\",\n \"name\": \"40768\",\n \"refsource\": \"EXPLOIT-DB\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1037104\",\n \"name\": \"1037104\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html\",\n \"name\": \"http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2016/Nov/78\",\n \"name\": \"20161116 Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/201701-22\",\n \"name\": \"GLSA-201701-22\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2017/Jan/33\",\n \"name\": \"20170113 Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE]\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.youtube.com/watch?v=aTswN1k1fQs\",\n \"name\": \"https://www.youtube.com/watch?v=aTswN1k1fQs\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/archive/1/539796/100/0/threaded\",\n \"name\": \"20161121 Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)\",\n \"refsource\": \"BUGTRAQ\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/\",\n \"name\": \"FEDORA-2021-10c1cd4cba\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/\",\n \"name\": \"FEDORA-2021-1556d440ba\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/\",\n \"name\": \"FEDORA-2021-3aa9ac7fd1\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.10.1\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.10.0\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.6.2\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"AND\",\n \"cpe_match\": [],\n \"children\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": \"1.4.3\"\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.8,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\n \"accessVector\": \"LOCAL\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"COMPLETE\",\n \"integrityImpact\": \"COMPLETE\",\n \"availabilityImpact\": \"COMPLETE\",\n \"baseScore\": 7.2\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 3,\n \"impactScore\": 10,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2016-11-29T17:59:00.000+00:00\",\n \"lastModifiedDate\": \"2021-12-14T21:04:00.000+00:00\"\n }\n },\n {\n \"id\": \"CVE-2016-4450\",\n \"cveItem\": {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-4450\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-476\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html\",\n \"name\": \"[nginx-announce] 20160531 nginx security advisory (CVE-2016-4450)\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.ubuntu.com/usn/USN-2991-1\",\n \"name\": \"USN-2991-1\",\n \"refsource\": \"UBUNTU\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.debian.org/security/2016/dsa-3592\",\n \"name\": \"DSA-3592\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securitytracker.com/id/1036019\",\n \"name\": \"1036019\",\n \"refsource\": \"SECTRACK\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/90967\",\n \"name\": \"90967\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/201606-06\",\n \"name\": \"GLSA-201606-06\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://access.redhat.com/errata/RHSA-2016:1425\",\n \"name\": \"RHSA-2016:1425\",\n \"refsource\": \"REDHAT\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.3.9\",\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": \"1.10.1\",\n \"versionEndIncluding\": null\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n },\n {\n \"operator\": \"OR\",\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": null,\n \"versionStartExcluding\": null,\n \"versionEndExcluding\": null,\n \"versionEndIncluding\": null\n }\n ],\n \"children\": []\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.5,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 2.9,\n \"acInsufInfo\": null,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2016-06-07T14:06:00.000+00:00\",\n \"lastModifiedDate\": \"2021-11-10T16:00:00.000+00:00\"\n }\n }\n]"}],"_postman_id":"764a3126-e6d9-4fd5-8b39-a1b5d5688f29"}],"id":"ee98d4fa-a53a-477b-a047-7b3c8df354f4","_postman_id":"ee98d4fa-a53a-477b-a047-7b3c8df354f4","description":""},{"name":"dataleaks","item":[{"name":"Dataleaks","id":"2615e47d-6b22-40db-8978-54eb57a7d6b5","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"domains\": [\n ],\n \"emails\": [\n \"dummy@advantio.com\"\n ],\n \"dateFrom\": null,\n \"dateTo\": null\n}"},"url":"{{url}}/private/dataleaks","description":"This method allows query DW repositories using either domain names or email addresses. Please note the method won't accept both categories as input.
\nAdditionally, date ranges can be used by using the following timestamp format:
\n\"2018-07-23T00:00:00\".
\nIf ranges are used, data leaks results will be limited to the ranges provided.
\n","urlObject":{"path":["private","dataleaks"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"a4ebad82-59fb-4fb8-bdd8-fb768c834579","name":"Dataleaks","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"X-Consumer-Id","value":"{{X-Consumer-Id}}"},{"key":"X-Consumer-Key","value":"{{X-Consumer-Key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"domains\": [\n \"advantio.com\"\n ],\n \"emails\": [\n ],\n \"dateFrom\": null,\n \"dateTo\": null\n}"},"url":"{{url}}/private/dataleaks"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Date","value":"Wed, 28 Sep 2022 08:00:26 GMT"},{"key":"X-Cache","value":"Miss from cloudfront"},{"key":"Via","value":"1.1 fbbaf051f1b6e237fbee09c998e075cc.cloudfront.net (CloudFront)"},{"key":"X-Amz-Cf-Pop","value":"MXP64-P1"},{"key":"Alt-Svc","value":"h3=\":443\"; ma=86400"},{"key":"X-Amz-Cf-Id","value":"2Tfupvmsh7RLgaJGpxOHWtDJz5VMDWkt3mBccYjbj8sTzxvg0eAO7Q=="}],"cookie":[],"responseTime":null,"body":"[\n {\n \"total\": 7,\n \"groups\": [\n {\n \"leak\": \"apollo\",\n \"count\": 44,\n \"breachDate\": \"2018-07-23T00:00:00\"\n },\n {\n \"leak\": \"b2busabusinesses\",\n \"count\": 1,\n \"breachDate\": \"2017-07-18T00:00:00\"\n },\n {\n \"leak\": \"canva\",\n \"count\": 1,\n \"breachDate\": \"2019-05-24T00:00:00\"\n },\n {\n \"leak\": \"cit0day\",\n \"count\": 1,\n \"breachDate\": \"2020-11-04T00:00:00\"\n },\n {\n \"leak\": \"linkedinscrape\",\n \"count\": 26,\n \"breachDate\": \"2021-04-08T00:00:00\"\n },\n {\n \"leak\": \"nitro\",\n \"count\": 2,\n \"breachDate\": \"2020-09-28T00:00:00\"\n },\n {\n \"leak\": \"pdl\",\n \"count\": 24,\n \"breachDate\": \"2019-10-16T00:00:00\"\n }\n ],\n \"query\": \"advantio.com\"\n }\n]"}],"_postman_id":"2615e47d-6b22-40db-8978-54eb57a7d6b5"}],"id":"25c9a881-7104-481d-94d3-eabdce5161e4","_postman_id":"25c9a881-7104-481d-94d3-eabdce5161e4","description":""},{"name":"ping","id":"8a3e3ab3-904c-46bb-a3ca-004999c27afc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Content-Type","value":"application/json"}],"url":"{{url}}/public/ping","description":"A non authenticated method that can be used to verify the health of the service.
\n","urlObject":{"path":["public","ping"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"8a3e3ab3-904c-46bb-a3ca-004999c27afc"}],"id":"c814020c-9c0e-49bb-83e0-a5736b9e7876","description":"A collection of all methods available for public usage as exposed by the Cyber Security Rating System.
Methods require ownership of consumers API Keys for stateless authentication.