cnvd - cnvd-2018-03216

cnvd-2018-03216

Vulnerability from cnvd

Title: Red Hat Enterprise Virtualization权限提升漏洞

Description:

Red Hat Enterprise Virtualization（RHEV）是美国红帽（Red Hat）公司推出的一套针对服务器和桌面的虚拟化管理解决方案（企业虚拟化平台），它可提供实时迁移、负载平衡等功能。

RHEV中存在安全漏洞。本地攻击者可借助‘ConstraintViolation#getInvalidValue()’函数利用该漏洞获取提升的权限。

Severity: 中

Patch Name: Red Hat Enterprise Virtualization权限提升漏洞的补丁

Patch Description:

RHEV中存在安全漏洞。本地攻击者可借助‘ConstraintViolation#getInvalidValue()’函数利用该漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://hibernate.org/validator/

Reference: https://securitytracker.com/id/1039744 https://www.securityfocus.com/bid/101048

Impacted products

Name
['Red Hat Hibernate Validator', 'Red Hat OpenShift Enterprise 2', 'Red Hat Satellite 6', 'Red Hat Enterprise Virtualization 4.*']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101048"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7536",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536"
    }
  },
  "description": "Red Hat Enterprise Virtualization\uff08RHEV\uff09\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u5957\u9488\u5bf9\u670d\u52a1\u5668\u548c\u684c\u9762\u7684\u865a\u62df\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\uff0c\u5b83\u53ef\u63d0\u4f9b\u5b9e\u65f6\u8fc1\u79fb\u3001\u8d1f\u8f7d\u5e73\u8861\u7b49\u529f\u80fd\u3002\r\n\r\nRHEV\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u2018ConstraintViolation#getInvalidValue()\u2019\u51fd\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Gunnar Morling (Red Hat)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://hibernate.org/validator/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03216",
  "openTime": "2018-02-12",
  "patchDescription": "Red Hat Enterprise Virtualization\uff08RHEV\uff09\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u5957\u9488\u5bf9\u670d\u52a1\u5668\u548c\u684c\u9762\u7684\u865a\u62df\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\uff0c\u5b83\u53ef\u63d0\u4f9b\u5b9e\u65f6\u8fc1\u79fb\u3001\u8d1f\u8f7d\u5e73\u8861\u7b49\u529f\u80fd\u3002\r\n\r\nRHEV\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u2018ConstraintViolation#getInvalidValue()\u2019\u51fd\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat Enterprise Virtualization\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Red Hat Hibernate Validator",
      "Red Hat OpenShift Enterprise 2",
      "Red Hat Satellite 6",
      "Red Hat Enterprise Virtualization 4.*"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1039744\r\nhttps://www.securityfocus.com/bid/101048",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-12",
  "title": "Red Hat Enterprise Virtualization\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-7536 (GCVE-0-2017-7536)

Vulnerability from cvelistv5

Published

2018-01-10 15:00

Modified

2024-09-16 17:32

Severity ?

CWE

CWE-592

Summary

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:2809	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3817	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2740	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2810	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2741	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1039744	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:2742	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3458	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2808	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/101048	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:3455	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2927	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3456	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2743	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3454	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3141	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2811	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1465573	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Red Hat, Inc.	hibernate-validator	Version: 5.2.x before 5.2.5 final Version: 5.3.x Version: 5.4.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2809",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2809"
          },
          {
            "name": "RHSA-2018:3817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3817"
          },
          {
            "name": "RHSA-2018:2740",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2740"
          },
          {
            "name": "RHSA-2017:2810",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2810"
          },
          {
            "name": "RHSA-2018:2741",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2741"
          },
          {
            "name": "1039744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039744"
          },
          {
            "name": "RHSA-2018:2742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2742"
          },
          {
            "name": "RHSA-2017:3458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3458"
          },
          {
            "name": "RHSA-2017:2808",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2808"
          },
          {
            "name": "101048",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101048"
          },
          {
            "name": "RHSA-2017:3455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3455"
          },
          {
            "name": "RHSA-2018:2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2927"
          },
          {
            "name": "RHSA-2017:3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3456"
          },
          {
            "name": "RHSA-2018:2743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2743"
          },
          {
            "name": "RHSA-2017:3454",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3454"
          },
          {
            "name": "RHSA-2017:3141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3141"
          },
          {
            "name": "RHSA-2017:2811",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2811"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hibernate-validator",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.x before 5.2.5 final"
            },
            {
              "status": "affected",
              "version": "5.3.x"
            },
            {
              "status": "affected",
              "version": "5.4.x"
            }
          ]
        }
      ],
      "datePublic": "2017-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-592",
              "description": "CWE-592",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-16T01:07:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:2809",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2809"
        },
        {
          "name": "RHSA-2018:3817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3817"
        },
        {
          "name": "RHSA-2018:2740",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2740"
        },
        {
          "name": "RHSA-2017:2810",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2810"
        },
        {
          "name": "RHSA-2018:2741",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2741"
        },
        {
          "name": "1039744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039744"
        },
        {
          "name": "RHSA-2018:2742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2742"
        },
        {
          "name": "RHSA-2017:3458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3458"
        },
        {
          "name": "RHSA-2017:2808",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2808"
        },
        {
          "name": "101048",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101048"
        },
        {
          "name": "RHSA-2017:3455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3455"
        },
        {
          "name": "RHSA-2018:2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2927"
        },
        {
          "name": "RHSA-2017:3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3456"
        },
        {
          "name": "RHSA-2018:2743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2743"
        },
        {
          "name": "RHSA-2017:3454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3454"
        },
        {
          "name": "RHSA-2017:3141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3141"
        },
        {
          "name": "RHSA-2017:2811",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2811"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-06-27T00:00:00",
          "ID": "CVE-2017-7536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hibernate-validator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.x before 5.2.5 final"
                          },
                          {
                            "version_value": "5.3.x"
                          },
                          {
                            "version_value": "5.4.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-592"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2809",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2809"
            },
            {
              "name": "RHSA-2018:3817",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3817"
            },
            {
              "name": "RHSA-2018:2740",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2740"
            },
            {
              "name": "RHSA-2017:2810",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2810"
            },
            {
              "name": "RHSA-2018:2741",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2741"
            },
            {
              "name": "1039744",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039744"
            },
            {
              "name": "RHSA-2018:2742",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2742"
            },
            {
              "name": "RHSA-2017:3458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3458"
            },
            {
              "name": "RHSA-2017:2808",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2808"
            },
            {
              "name": "101048",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101048"
            },
            {
              "name": "RHSA-2017:3455",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3455"
            },
            {
              "name": "RHSA-2018:2927",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "RHSA-2017:3456",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "RHSA-2018:2743",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2743"
            },
            {
              "name": "RHSA-2017:3454",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3454"
            },
            {
              "name": "RHSA-2017:3141",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3141"
            },
            {
              "name": "RHSA-2017:2811",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2811"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7536",
    "datePublished": "2018-01-10T15:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-16T17:32:38.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted