var-200512-0832
Vulnerability from variot
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability
SECUNIA ADVISORY ID: SA19168
VERIFY ADVISORY: http://secunia.com/advisories/19168/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/
DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server.
Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe
Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe
IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe
IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe
PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006
-- CVE ID: CVE-2005-3526
-- Affected Vendor: Ipswitch
-- Affected Products: Ipswitch Collaboration Suite 2006.02 and below
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982.
-- Vendor Response:
From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:
"IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)."
-- Disclosure Timeline: 2005.12.13 - Vulnerability reported to vendor 2005.12.13 - Digital Vaccine released to TippingPoint customers 2006.03.13 - Public release of advisory
-- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006.02_standard"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006.02_premium"
},
{
"_id": null,
"model": "imail",
"scope": null,
"trust": 0.7,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail secure server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "imail server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "imail secure server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"credits": {
"_id": null,
"data": "Manuel Santamarina Suarez",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
],
"trust": 0.7
},
"cve": "CVE-2005-3526",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2005-3526",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-14735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3526",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-666",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14735",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. \nThe vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. \nThis may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\nTITLE:\nIpswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19168\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19168/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\n\nDESCRIPTION:\nA vulnerability has been reported in Ipswitch IMail\nServer/Collaboration Suite, which can be exploited by malicious users\nto cause a DoS (Denial of Service). This can be exploited to cause a\nbuffer overflow, which crashes the server. \n\nIpswitch Collaboration Suite 2006 Premium Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe\n\nIpswitch Collaboration Suite 2006 Standard Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe\n\nIMail Secure Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe\n\nIMail Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits 3Com\u0027s Zero Day Initiative. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics200603prem.asp\nhttp://www.ipswitch.com/support/ics/updates/ics200603stan.asp\nhttp://www.ipswitch.com/support/imail/releases/imsec200603.asp\nhttp://www.ipswitch.com/support/imail/releases/im200603.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-003.html\nMarch 13, 2006\n\n-- CVE ID:\nCVE-2005-3526\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch Collaboration Suite 2006.02 and below\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since December 13, 2005 by Digital Vaccine protection\nfilter ID 3982. \n\n-- Vendor Response:\n\u003e\u003eFrom http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:\n\n\"IMAP: Corrected a vulnerability issue where a properly crafted Fetch\ncommand causes IMAP to crash with a buffer overflow (disclosed by\nTippingPoint, a division of 3Com).\" \n\n-- Disclosure Timeline:\n2005.12.13 - Vulnerability reported to vendor\n2005.12.13 - Digital Vaccine released to TippingPoint customers\n2006.03.13 - Public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Manuel Santamarina Suarez aka \n\u0027FistFuXXer\u0027. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2005-3526",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-06-003",
"trust": 2.5
},
{
"db": "BID",
"id": "17063",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19168",
"trust": 1.8
},
{
"db": "SREASON",
"id": "577",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015759",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0907",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "23796",
"trust": 1.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-009",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060313 ZDI-06-003: IPSWITCH COLLABORATION SUITE CODE EXECUTION VULNERABILITY",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8565",
"trust": 0.6
},
{
"db": "XF",
"id": "25133",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-14735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44619",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"id": "VAR-200512-0832",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14735"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:20:09.146000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ipswitch has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17063"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/23796"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015759"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19168"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/577"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0907"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25133"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0907"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/427536/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8565"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8652/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/im200603.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8653/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603stan.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19168/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imsec200603.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8651/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"db": "BID",
"id": "17063",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "44545",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "44619",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-03-13T00:00:00",
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"date": "2006-03-10T00:00:00",
"db": "BID",
"id": "17063",
"ident": null
},
{
"date": "2006-03-11T02:24:56",
"db": "PACKETSTORM",
"id": "44545",
"ident": null
},
{
"date": "2006-03-13T21:51:14",
"db": "PACKETSTORM",
"id": "44619",
"ident": null
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-17T00:00:00",
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"date": "2007-02-20T15:56:00",
"db": "BID",
"id": "17063",
"ident": null
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
},
{
"date": "2024-11-21T00:02:06.580000",
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Ipswitch Collaboration Suite Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.