Skybox Security Intelligence Feed

Skybox Intelligence Feed Description and SLA

Description and SLA

March 2018

Skybox Intelligence Feed Description and SLA

About the Skybox intelligence feed The Skybox™ Security intelligence feed currently contains more than 70,000 vulnerabilities. The intelligence feed is a result of information collected from leading public and private security data sources, and is built as a superset of vulnerabilities. As a state-of-the-art vulnerability data service, it is CVE-compliant and implements CVSS v3 standards.

How it Works Skybox Security has assembled a dedicated team focused on threat intelligence and vulnerability research. The Skybox™ Research Lab continuously tracks multiple data sources to detect new alerts as well as changes in already reported alerts (e.g., report on new exploits). The Lab uses a vast set of automated tools to collect and consolidate information, as well as human analysis and detailed modeling to ensure accuracy. Such work also ensures the information required for the analytical engines of Skybox products is complete.

Data Sources The Skybox intelligence feed is a result of information correlated from dozens of leading public and private security feeds and hundreds of independent researchers. In addition, our analysis extends into the dark web, allowing us to tag vulnerabilities with up-to-date exploitability information including the specific vulnerabilities being used in malware and exploit kits. The intelligence feed fully supports vulnerabilities published by the advisories and scanners covered in this document. We also include references to IPS signatures and other sources by cross-referencing with a CVE ID.

Skybox Intelligence Feed Description and SLA

Data sources in use are:

THREAT OTHER ADVISORIES SCANNERS IPS INTELLIGENCE SOURCES

BeyondTrust CERT, Adobe AlienVault OTX** Cisco Sourcefire Retina* ICS-CERT**

McAfee Fortinet Flexera Apple Exploit-DB Foundstone FortiGuard Secunia**

Qualys Cloud IBM X-Force Cisco PSIRT HP TippingPoint Mitre CVE Platform Exchange**

Microsoft Rapid7 Nexpose Symantec A-Z** McAfee IPS NIST's NVD

Palo Alto Rapid7 Oracle Tenable Nessus Networks Metasploit**

Symantec Red Hat Tripwire IP360 SecurityFocus

Zero-day vulnerabilities Siemens for published incidents** *Scanners supported as cross-references with CVE ID **Supplementary information only, no cross reference support

Merging from Multiple Sources The Skybox intelligence feed contains a superset of vulnerabilities from all the supported sources. The intelligence feed is CVE compliant, and the CVE number is used to cross-reference between the various sources. In addition, the intelligence feed contains vulnerabilities from various other data sources, even if those sources do not have a CVE reference. This approach allows an organization to consolidate information from multiple scanners or management/patch systems to the Skybox platform, creating a single, normalized view of vulnerabiilities. Once imported into Skybox, this view yields a comprehensive risk matrix analytics.

Vulnerability Information The Skybox intelligence feed is a central repository for all relevant information about vulnerabilities. The following information is available for every vulnerability:

Skybox Intelligence Feed Description and SLA

• A textual description of the vulnerability • Vulnerability IDs from all available sources, including CVE (if it exists) • Affected products and affected versions, including framework dependencies • Published solutions, remediation and workaround information, including a reference to the official solution in the advisory (patch ID or fixed version) • Severity vectors (CVSS v3 compliant) • Vulnerability effect and attack precondition • Exploit difficulty and authentication requirements • References to public sources, for additional information • Exploitability level

Skybox Intelligence Feed Description and SLA

Example SBV-51308:

INFORMATION EXAMPLE

VULNERABILITY Oracle Java SE remote information disclosure vulnerability in JCE component DESCRIPTION

Oracle JRE and JDK:

AFFECTED 7 SE - 7 SE update 80 PRODUCTS 8 SE - 8 SE update 45 7 SE embedded - 7 SE embedded update 75 8 SE embedded - 8 SE embedded update 33

java-1.8.0-oracle-1.8.0.51-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-devel-1.8.0.51-1jpp.2.el6_6.i686.rpm

AFFECTED java-1.8.0-oracle-javafx-1.8.0.51-1jpp.2.el6_6.i686.rpm PACKAGES java-1.8.0-oracle-jdbc-1.8.0.51-1jpp.2.el6_6.i686.rpm (FOR LINUX) java-1.8.0-oracle-plugin-1.8.0.51-1jpp.2.el6_6.i686.rpm java-1.8.0-oracle-src-1.8.0.51-1jpp.2.el6_6.i686.rpm …

Oracle has released a patch to address this issue in Oracle JRE. For more PUBLISHED information, please visit the advisory page: SOLUTIONS http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

CVSS score: 5.0 SEVERITY VECTORS AV:N/AC:L/Au:N/C:P/I:N/A:N E:U/RL:OF/RC:C

CVE-2015-2613 Oracle ID: cpujul2015-2367936 Foundstone IDs: 140865, 140870, 18671 … Qualys IDs: 123729, 123730 EXTERNAL SOURCES Rapid7 IDs: jre-vuln-cve-2015-2613 … nCircle IDs: 214431, 214456, 214741 … Retina IDs: 47766, 47767, 47768, 47769 … Nessus IDs: 84871, 84872, 85001, 85002…

EFFECT AND Effect: Leakage PRECONDITION Precondition access: Remote

EXPLOIT Authentication required: none DIFFICULTY AND AUTHENTICATION No exploit code was published

Skybox Intelligence Feed Description and SLA

INFORMATION EXAMPLE

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2613 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html URLS http://www.securityfocus.com/bid/75871 …

EXPLOITABILITY No Exploit

Exploits Exploitability data regarding vulnerabilities and malware is an important aspect of vulnerability prioritization. In addition to the exploitation information available from the CVSS temporal vector, exploited vulnerabilities in the intelligence feed also include exploitability level and information about which malware or exploit kit can attack them. • Vulnerabilities with a proof-of-concept exploit: a sample exploit code is available in open or closed forums • Vulnerabilities exploited in the wild: in targeted or distributed attack, related or not to a specific malware or exploit kit

Products The Skybox intelligence feed contains vulnerabilities published by the supported sources. These vulnerabilities are associated with more than 8,000 products. The vulnerabilities are added to the intelligence feed according to the affected product’s priority. P1 is a list of critical or common products, P2 holds a larger group of enterprise-grade products, and P3 holds the long tail of other products. P1 products (see Appendix A – P1 Product List) include the most important products of the following vendors/types: • Operating systems: Microsoft Windows, RedHat Linux, VMWare, Citrix, Mac OS X and Unix • Network devices: routers, switches, firewalls and load balancers of the following vendors: Cisco, Check Point, Juniper Networks, Big-IP and Juniper • Databases: Oracle Database, Microsoft SQL Server and Oracle MySQL • Web servers, application servers, mail servers and DNS servers • Real-time running frameworks: Oracle Java, Microsoft .NET and PHP • Antiviruses: McAfee and Symantec • Popular workstation apps: web browsers, Microsoft Office, Adobe Flash Player, Adobe Reader and Microsoft Lync • Other popular enterprise-level software: SAP products, Samba, Splunk

Skybox Intelligence Feed Description and SLA

P2 products (see Appendix B – P2 Product List) include additional common enterprise products from the following vendors: Apache, Cisco, CA, Elasticsearch, EMC, HP, IBM, Oracle, Pivotal, TIBCO and VMWare. Please note that the lists are updated from time to time, to meet our customers’ needs.

The Skybox Intelligence Feed SLA The intelligence feed is released by 11 a.m. Eastern Standard Time each day. The Skybox Server can be configured to automatically update the data service from the internet on a scheduled basis. The intelligence feed is released with vulnerability updates according to the following policy: 1. Vulnerabilities affecting P1 products: published within one business day from public disclosure of vulnerabilities by the supported vendors or NVD 2. Vulnerabilities affecting P2 products: published within seven days from public disclosure by NVD 3. Vulnerabilities affecting P3 products: published gradually, after disclosure by NVD 4. Exploitability: Published daily, to include proof-of-concept exploits and vulnerabilities exploited in the wild and popular malware, within three days from public disclosure by the supported data sources

Skybox Vulnerability Center Skybox™ Vulnerability Center is a public website presenting our vulnerability information, including basic search options and a notification service. The Vulnerability Center includes the same vulnerabilities as our intelligence feed, although less information is available per vulnerability. The Vulnerability Center is updated after the intelligence feed is released, and its information is included in the vulnerability service.

Skybox Intelligence Feed Description and SLA

Appendix A – P1 Products List

VENDOR PRODUCT

Acrobat AIR Adobe Flash Player Reader Shockwave Player

Apache Apache Software Foundation Struts Tomcat

iOS Apple iTunes MacOS X

Blue Coat Systems ProxySG

Gaia OS Check Point Software Security Gateway VPN-1

ASA Cisco IOS PIX

Citrix XenServer

F5 BigIP

FreeBSD FreeBSD

GNU GnuTLS

Google Chrome

HP HP-UX

AIX HTTP Server IBM Lotus Domino WebSphere Application Server

ISC BIND

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

JUNOS Juniper Networks ScreenOS

Linux Linux Kernel

McAfee VirusScan Enterprise

.NET Framework Active Directory Edge Excel Exchange Server IIS Internet Explorer Lync Server Office Outlook PowerPoint SQL Server Microsoft Windows 10 Windows 7 Windows 8 Windows Server 2003 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista Word XML Core Services

Mozilla Firefox

OpenBSD OpenSSH

OpenLDAP OpenLDAP

OpenSSL OpenSSL

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

JRE MySQL Oracle Application Server Oracle Database Oracle Oracle E-Business Suite (Oracle Applications) Oracle HTTP Server Server JRE Solaris

Palo Alto Networks PAN-OS

PHP PHP

RealVNC RealVNC VNC Server

Enterprise Linux Enterprise Linux Server Enterprise Linux Server AUS Enterprise Linux Virtualization Enterprise Linux Workstation RedHat Enterprise Virtualization (RHEV) JBoss Enterprise Application Platform JBoss Enterprise Web Server Network Satellite Server Red Hat Virtualization Host Red Hat Virtualization Manager

Samba Samba

Skype Technologies Skype

Splunk Splunk

Java System Application Server Sun SunOS

Sybase Adaptive Server Enterprise

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Endpoint Protection Symantec Endpoint Protection Manager Norton Antivirus Enterprise Message Service TIBCO Rendezvous

NSX-V VMWare VMware ESX Server VMware ESXi Server

XenProject Xen

Skybox Intelligence Feed Description and SLA

Appendix B – P2 Products List

VENDOR PRODUCT

7-Zip 7-Zip

ABBYY Recognition Server

Flash Media Server Adobe LiveCycle

Ajv Ajv

Ansible Ansible

ProxySG Cordova Apache PDFBox

ActiveMQ APR Axis Axis2 Apache Software Foundation Cassandra Commons Collections Hadoop Log4j

Apple CUPS

AppSense Management Suite

Aprelium Technologies Abyss Web Server

Arcserve Arcserve RHA

ArcSight SmartConnector

Arista EOS

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

CXP Developer Aspect CXP Server Unified IP

Confluence Atlassian JIRA

9600 Series IP Deskphones Aura Application Enablement Services Aura Experience Portal Call Management System (CMS) Avaya Communication Manager (CM) IP hard phones IP Soft Phone Proactive Contact

Axway SecureTransport

BeyondTrust PowerBroker

Atrium CMDB BMC Software BMC Patrol Performance Assurance

bTrade TDCommunity Manager

Business Objects Crystal Reports

CA Technologies CA Directory

imageRUNNER Canon iR Printer

CentOS CentOS

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Endpoint Security Check Point Software FireWall-1 Pointsec PC

500 Series Content Engines 7300 Series Content Engines AnyConnect VPN Client AnyRes Live Cache Engine/Content Engine CAT OS Catalyst Integrated Management Controller Intelligent Contact Management Enterprise IOS-XR IP Communicator Jabber for iPhone and iPad Jabber for Windows License Manager MDS Cisco MDS 9000 Series NAC Guest Server NetFlow Collection Engine Nexus NX-OS Prime Infrastructure Prime License Manager Sourcefire 3D System TelePresence C Series TelePresence Conductor Telepresence Integrator C Series TelePresence Multipoint Switch (CTMS) TelePresence Server TelePresence Supervisor MSE TelePresence System TelePresence TC Software

Skybox Intelligence Feed Description and SLA

TelePresence Video Communication Server Unified Communications Manager (CUCM) Unified Customer Voice Portal (CVP) Unified IP Phone Unified Presence Server (CUPS) Unity Connection WebEx Extension Webex Meetings Player Webex Network Recording Player WebEx Productivity Tools Wireless LAN Controller

Citibank Citi Mobile

Director ICA Client for Linux NetScaler NetScaler Gateway Citrix Presentation Server Provisioning Services XenApp XenDesktop

CloudBees Jenkins

CDH Cloudera Manager

CollabNet Subversion

BrightStor ARCServe Backup Computer Associates SiteMinder Policy Server SiteMinder Web Agent

CyberArk Privileged Account Security Solution

Cyrus SASL

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

DB Networks DBN-6300

Debian Linux

DataFort FC-Series Decru DataFort S-Series

Dell Inc. Wyse

Dropbear SSH Server

Drupal Drupal

Elasticsearch Kibana Elasticsearch Logstash Logstash Forwarder

Avamar Virtual Edition (AVE) Celerra CLARiiON Dart Data Domain OS Data Protection Advisor Documentum D2 Legato Networker Networker PowerPath Replication Manager RSA Adaptive Authentication EMC RSA Archer GRC RSA Security Analytics RSA Web Threat Detection ScaleIO Secure Remote Support Unisphere Unisphere for VMAX ViPR SRM VMAX VNX VNX2 XtremIO

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Authority GSS-API Toolkit for C Entrust Entelligence Security Provider Entrust Authority Security Manager

Erlang Run-Time System Application (ERTS)

ArcGIS ArcMap ESRI ArcGIS for Desktop ArcGIS Pro

Ethan Galstad Nagios

FICO Debt Manager

Flexera Software AdminStudio

Fluke Networks Netflow Tracker

FortiClient FortiNet FortiDB

Fuji Xerox Printing Systems

Galera Cluster Galera Cluster for MySQL

Ganglia Ganglia

SafeNet Luna SA SafeNet ProtectServer Gemalto SafeWord SafeWord PremierAccess

Conversation Manager Genesys Customer Interaction Management

GIT GIT

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

GitHub Git LFS

GNU Bash

Golang Go

Good Good for Enterprise

Good Access for Android Good Access for iOS GoodTech Systems Good Dynamics Good Mobile Messaging server for Exchange

Google Nexus

GraphicsMagick GraphicsMagick

H2O H2O

HAProxy HAProxy

Hitachi Command Suite

Arcsight Connector Appliance ArcSight ESM ArcSight Management Center Asset Manager BladeSystem c-Class Virtual Connect (VC) Connect IT Database and Middleware Automation DDMI Device Connect HP / HPE / Micro Focus Integrated Lights-Out (iLO) JetAdmin JetAdvantage Management Connector JetAdvantage Security Manager Network Automation OpenView Storage Data Protector Performance Center ProLiant Server Version Control Agent WebInspect

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Advanced Developer Portal AppScan Source for Analysis BigFix Inventory BigFix Platform Cognos Analytics Cognos Business Intelligence Server Cognos Enterprise Cognos PowerPlay Enterprise Server Connect Direct Content Manager OnDemand DataStage DB2 DB2 Universal Database Director Agent General Parallel File System (GPFS) GPFS Storage Server HACMP HMC Hyper-Scale Manager i5/OS IBM I ILOG CPLEX Optimization Studio IBM Informix InfoSphere Data Architect InfoSphere Master Data Management Java Lotus Notes MVS Platform Symphony Rational AppScan Standard Rational Team Concert Security AppScan Enterprise Security AppScan Source Security Guardium Security Guardium Database Activity Monitor SolidDB Spectrum Accelerate Spectrum Control Sterling B2B Integrator Sterling Connect:Direct Tealeaf Customer Experience Tivoli Application Dependency Discovery Manager Tivoli Asset Discovery for Distributed

Skybox Intelligence Feed Description and SLA

Tivoli Directory Server Tivoli Monitoring Tivoli Netcool Impact Tivoli Netcool/OMNIbus Tivoli Provisioning Manager Tivoli Storage Manager TS3100 Tape Library Virtual I/O Server WebSphere DataPower WebSphere Host On-Demand WebSphere Message Broker WebSphere MQ WebSphere Portal Server Websphere Process Server z/OS

Igor Sysoev nginx

GraphicsMagick ImageMagick ImageMagick

Index Engines Unified Discovery Platform

Intel Graphics Driver

Alliance MX System Center MAX Enterprise Server IPC Nexus TCS Web Services Unigy

JasPer JasPer

Jetty Jetty

Jfrog Artifactory

jQuery jQuery

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Infranet Controller 4000 NetScreen Juniper Networks Secure Services Gateway SRX Series

Larry Wall Perl

Lexmark CX725 Series

LibTiff LibTiff

Lucent Technologies QIP Enterprise

MariaDB MariaDB

Agent Agent for Mac Anti-Malware Scan Engine for Mac Content Scanning Engine Data Exchange Layer ePolicy Orchestrator McAfee Global Threat Intelligence Enterprise GroupShield for Microsoft Exchange Rogue System Detection Security for Microsoft Exchange VirusScan VirusScan Command Line Vulnerability Manager

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Active Directory Certificate Services Active Directory Federation Services ASP.NET Data Protection Manager DirectX Lync Management OData IIS Extension Media Player Microsoft Identity Integration Server (MIIS) Microsoft Operations Manager Office Communicator Office SharePoint Server Office Web Apps Server Microsoft Online Responder Project Remote Desktop Connection Client SharePoint Designer SharePoint Services Silverlight Skype for Business System Center Configuration Manager System Center Operations Manager VBScript Visio Visual Studio Visual Studio Team Foundation Server Windows XP

Mod_ssl Mod_ssl

mongoDB mongoDB

MontaVista Linux Professional Edition

NCR Self-Service ATM

Net-SNMP Net-SNMP

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Data ONTAP NetApp OnCommand System Manager

Nmap Nmap

Node.js Foundation Node.js

Nortel Networks Meridian

NTP NTP

SpeechAttendant Nuance

OpenJDK OpenJDK

Opensource DBD::Sybase

Acme Packet Business Process Management Communications Operations Monitor Communications Session Border Controller Communications Session Delivery Management Suite Directory Server Enterprise Edition Enterprise Manager Grid Control Essbase Administration Services Glassfish GoldenGate Oracle GoldenGate Veridata Hyperion Smart View for Office Identity Analytics Integrated Lights Out Manager(ILOM) Knowledge Management Pack for Oracle GoldenGate Oracle CRM Oracle Fusion Middleware Oracle Outside In Technology PeopleSoft Enterprise PeopleSoft Enterprise Customer Relationship Manage skyboxsecurity.com 22 © 2018 Skybox Security, Inc. All rights reserved.

Skybox Intelligence Feed Description and SLA

PeopleSoft Enterprise FMS PeopleSoft Enterprise HRMS Human Resources PeopleSoft Enterprise Performance Management PeopleSoft PeopleTools PeopleSoft Portal Secure Global Desktop Tuxedo VM Server for SPARC Waveset WebLogic Server

p7zip p7zip

Palo Alto Networks Palo Alto Firewall

Persistent Systems Radia Client Automation

Pexip Pexip Infinity

BOSH CLI Cloud Foundry (PCF) Elastic Runtime Cloud Foundry (PCF) Ops Manage Cloud Foundry CLI JMX Bridge (Ops Metrics) MySQL for Pivotal Cloud Foundry Pivotal Operations Manager RabbitMQ RabbitMQ For PCF Spring Cloud Services Spring Framework User Account and Authentication (UAA)

PKWare SecureZIP

PostgreSQL PostgreSQL

PrinterOn Embedded Agent for Samsung

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

privoxy privoxy

MAG Series PulseSecure Pulse Connect Secure

Python Software Foundation Python

Quest Recovery Manager for Active Directory

Video Control Center Qumu VideoNet Edge

Cluster Suite JBoss BPM Suite RedHat Mailcap OpenShift OpenShift Enterprise

redis-store Redis Store

Reuters Reuters Messaging

Blackberry Desktop Manager Blackberry Device Service RIM Blackberry Device Software BlackBerry Enterprise Server

RIO Karma

SteelCentral NetProfiler Riverbed SteelCentral NetShark

ACE/Server Adaptive Authentication RSA Security Security Analytics Web Threat Detection

Rsyslog Rsyslog

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Ruby on Rails Ruby on Rails

BusinessObjects BusinessObjects XI SAP Crystal Reports NetWeaver

Sendmail Inc. Sentrion MP

Skybox Skybox Security Skybox Manager Client Application

SourceForge Monkey HTTP Daemon

Boot Spring Core

SQLite SQLite

Tectia Client SSH Communications Security Tectia Manager Tectia Server

ONE Directory Server Sun Solaris Cluster

Adaptive Server IQ Open Server Sybase OpenSwitch Replication Server SDK Data Loss Prevention Endpoint Agent Encryption Management Server Enterprise Security Manager NetBackup NetBackup Appliance Symantec Storage Foundation for RHEL Linux Symantec Data Insight Symantec Storage Foundation for Windows Symantec Veritas Cluster Server Symantec Veritas NetBackup Operations Manager

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Reader Tableau Server Tableau

Tandberg MXP

Client Tanium Server

Tcpdump Tcpdump

TCPWave DNS Appliance

Tenable Network Security Nessus

ActiveMatrix BPM Administrator Enterprise Administrator TIBCO Runtime Agent Spotfire S+ Spotfire Server

TMD Security Monitoring Tool

Todd Miller Sudo

Twisted Matrix Labs Twisted

Ubuntu Ubuntu Linux

UltraVNC UltraVNC

Unisys ClearPath MCP

Control Center Uplogix Uplogix Envoy

Skybox Intelligence Feed Description and SLA

VENDOR PRODUCT

Cluster Server Veritas Software Volume Manager

AirWatch On-Premise Horizon View Horizon View Client vCenter Operations Manager vCenter Server VMWare vCenter Update Manager vCloud Automation Cente (vCAC) VirtualCenter VMWare Tools vRealize Operations Manager vRealize Orchestrator

Wireshark Wireshark

ESB CSV-Import-Export Plugin WordPress WordPress

Wyse Wyse ThinOS

ColorQube Xerox Phaser WorkCentre

Instant Messenger Yahoo Messenger

Yukihiro Matsumoto Ruby

zlib zlib