VYPR
Vendor

Cobalt Strike

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2022-42948CriKEVMar 24, 2023
    risk 0.76cvss 9.8epss 0.03

    Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

  • CVE-2022-39197MedKEVSep 22, 2022
    risk 0.55cvss 6.1epss 0.46

    An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the…

  • CVE-2022-23317HigFeb 15, 2022
    risk 0.49cvss 7.5epss 0.01

    CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.