Information Security Management System

Built on ISMS Control Library 4.3.4
Generated 10 July 2026 13:18
9 Domains • 69 Objectives • 341 Controls
Navigation Guide

ISMS Status

Cumulative maturity scoring across all 9 ISMS Domains. Click any row in the Per-Domain table to jump to that Domain.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.22
→ 0.00 (0.0%)
since last review
Current
5.76
▲ 0.18 (3.2%)
since last review
Gap
0.46
▼ 0.18 (28.1%)
since last review
Total Controls
341
→ 0 (0.0%)
since last review
At Target
226
▲ 12 (5.6%)
since last review
Below Target
115
▼ 12 (9.4%)
since last review

Per-Domain Detail

Evidence Coverage

With Evidence
341 (100%)
Strong
216
Adequate
71
Weak
54
No Evidence
0

Govern Domain

38 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.05
→ 0.00 (0.0%)
since last review
Current
5.79
▲ 0.15 (2.7%)
since last review
Gap
0.26
▼ 0.15 (36.6%)
since last review
Total Controls
38
→ 0 (0.0%)
since last review
At Target
31
▲ 2 (6.9%)
since last review
Below Target
7
▼ 2 (22.2%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target
6.00
6.00
0.00
5
5
0

Controls Below Target 7

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Intellectual property rights
4
6
5
1
5
0
1
Segregation of duties for security-sensitive activities is…
4
6
5
1
4
-1
2
Personnel onboarding
4
6
5
1
5
0
1
A cross-functional AI governance forum is established with…
2
6
2
4
4
2
2
Board of Directors and Executive Team are updated on…
2
6
5
1
5
0
1
Continual improvement of the ISMS is governed through…
2
7
6
1
6
0
1
Independent reviews of information security are conducted…
1
6
5
1
5
0
1

Evidence Coverage

With Evidence
38 (100%)
Strong
24
Adequate
8
Weak
6
No Evidence
0

Identify Domain

41 Controls across 7 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.24
▲ 0.10 (1.6%)
since last review
Current
5.76
▲ 0.22 (4.0%)
since last review
Gap
0.48
▼ 0.12 (20.0%)
since last review
Total Controls
41
→ 0 (0.0%)
since last review
At Target
26
▲ 3 (13.0%)
since last review
Below Target
15
▼ 3 (16.7%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target
6.00
5.50
0.50
8
5
3
6.60
6.20
0.40
5
3
2

Controls Below Target 15

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Service assets — including domain management, cloud…
4
6
5
1
5
0
1
Application assets
4
6
5
1
5
0
1
Asset integrations
4
6
4
2
4
0
2
Personal data and special-category data are identified
4
6
5
1
5
0
1
Data flows across the asset estate
4
6
5
1
5
0
1
Data discovery activities are performed to detect…
4
6
5
1
5
0
1
Internet-exposed assets
4
7
6
1
6
0
1
Brand-related external exposure
4
6
4
2
6
2
0
External attack surface findings are prioritised
4
7
6
1
7
1
0
Threat inputs from IDE.TM
4
7
6
1
7
1
0
Project-level, change-level, and onboarding-level risk…
2
6
5
1
5
0
1
External and internal threat intelligence is collected from…
2
6
4
2
4
0
2
AI-specific threat intelligence sources
2
6
4
2
4
0
2
Threat intelligence outputs are disseminated to risk…
2
7
5
2
5
0
2
Supplier termination and offboarding are governed by…
1
6
5
1
6
1
0

Evidence Coverage

With Evidence
41 (100%)
Strong
26
Adequate
9
Weak
6
No Evidence
0

Protect Domain

61 Controls across 10 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.20
→ 0.00 (0.0%)
since last review
Current
5.74
▲ 0.19 (3.4%)
since last review
Gap
0.46
▼ 0.19 (29.2%)
since last review
Total Controls
61
→ 0 (0.0%)
since last review
At Target
39
▲ 4 (11.4%)
since last review
Below Target
22
▼ 4 (15.4%)
since last review

Per-Objective Detail

Controls Below Target 22

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Access is granted on the principles of least privilege and…
4
6
5
1
5
0
1
Privileged access is governed under additional safeguards
4
6
5
1
5
0
1
Authentication credentials
4
7
6
1
6
0
1
Data handling requirements per classification
4
6
5
1
5
0
1
Data backup is performed
4
6
5
1
6
1
0
Cloud platform and SaaS configurations are governed under…
4
6
5
1
5
0
1
Network segmentation isolates environments
4
6
4
2
6
2
0
Email and messaging security policy
4
6
5
1
6
1
0
Email security service
4
6
5
1
6
1
0
Messaging and collaboration platform security
4
6
5
1
6
1
0
Endpoint protection
4
6
5
1
6
1
0
Mobile device management is applied to company-managed and…
4
6
4
2
6
2
0
Endpoint lifecycle
2
7
6
1
6
0
1
Environmental threats
2
6
4
2
6
2
0
Infrastructure capacity and resource adequacy are monitored
2
6
4
2
6
2
0
Vulnerabilities are remediated through patching
1
6
5
1
6
1
0
Vulnerability exceptions are formally requested
1
7
6
1
6
0
1
General information security training is provided to all…
1
6
5
1
4
-1
2
Role-specific information security training is provided to…
1
6
5
1
5
0
1
Phishing and social engineering simulation programmes are…
1
6
4
2
4
0
2
Security champion networks are established across functions…
1
6
5
1
6
1
0
Training effectiveness is measured
1
6
4
2
5
1
1

Evidence Coverage

With Evidence
61 (100%)
Strong
39
Adequate
13
Weak
9
No Evidence
0

Detect Domain

26 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.27
→ 0.00 (0.0%)
since last review
Current
6.08
▲ 0.30 (5.2%)
since last review
Gap
0.19
▼ 0.30 (61.2%)
since last review
Total Controls
26
→ 0 (0.0%)
since last review
At Target
21
▲ 2 (10.5%)
since last review
Below Target
5
▼ 2 (28.6%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target
6.00
5.67
0.33
3
2
1

Controls Below Target 5

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Detection capability
4
6
5
1
5
0
1
Logs are generated across in-scope assets covering…
4
7
6
1
7
1
0
Sensitive data access
4
7
6
1
7
1
0
Endpoint and identity monitoring captures EDR
4
7
6
1
6
0
1
Hunt outcomes — confirmed threats, new detection content…
1
6
5
1
6
1
0

Evidence Coverage

With Evidence
26 (100%)
Strong
17
Adequate
5
Weak
4
No Evidence
0

Respond Domain

26 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.23
→ 0.00 (0.0%)
since last review
Current
6.12
▲ 0.08 (1.3%)
since last review
Gap
0.11
▼ 0.08 (42.1%)
since last review
Total Controls
26
→ 0 (0.0%)
since last review
At Target
23
▲ 1 (4.5%)
since last review
Below Target
3
▼ 1 (25.0%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target

Controls Below Target 3

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Incident response plans and playbooks
4
6
5
1
5
0
1
Specialty incident classes
4
7
6
1
7
1
0
Threat actor attribution is assessed where evidence…
2
7
6
1
6
0
1

Evidence Coverage

With Evidence
26 (100%)
Strong
17
Adequate
5
Weak
4
No Evidence
0

Recover Domain

23 Controls across 6 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.22
→ 0.00 (0.0%)
since last review
Current
6.04
▲ 0.12 (2.0%)
since last review
Gap
0.18
▼ 0.12 (40.0%)
since last review
Total Controls
23
→ 0 (0.0%)
since last review
At Target
19
▲ 2 (11.8%)
since last review
Below Target
4
▼ 2 (33.3%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target

Controls Below Target 4

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Recovery tooling and infrastructure
4
7
6
1
7
1
0
Recovery exercises
4
7
6
1
7
1
0
Heightened post-recovery monitoring is maintained for a…
4
6
5
1
6
1
0
Supplier and third-party coordination during recovery is…
2
7
6
1
7
1
0

Evidence Coverage

With Evidence
23 (100%)
Strong
15
Adequate
5
Weak
3
No Evidence
0

AppSec Domain

42 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.29
→ 0.00 (0.0%)
since last review
Current
5.79
▲ 0.16 (2.8%)
since last review
Gap
0.50
▼ 0.16 (24.2%)
since last review
Total Controls
42
→ 0 (0.0%)
since last review
At Target
22
▲ 3 (15.8%)
since last review
Below Target
20
▼ 3 (13.0%)
since last review

Per-Objective Detail

Controls Below Target 20

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
AppSec procedures are documented
4
6
5
1
5
0
1
AppSec compliance with policies
4
6
5
1
5
0
1
Secrets are inventoried
4
6
5
1
6
1
0
Security requirements are defined for applications based on…
4
6
5
1
5
0
1
Privacy by design and Data Protection Impact Assessments…
4
6
5
1
6
1
0
Access control is applied to development assets
4
7
6
1
6
0
1
Cryptography is applied to protect data within applications…
4
6
5
1
6
1
0
Security is addressed from the start of development (OWASP…
4
7
6
1
7
1
0
Digital identities are secured (OWASP C7) OWASP Top 10…
4
6
5
1
6
1
0
Third-party components and dependencies are inventoried and…
4
7
6
1
6
0
1
Third-party component selection follows defined security…
4
6
5
1
6
1
0
Build pipeline and deployment infrastructure integrity and…
2
7
5
2
5
0
2
Container images and registries are managed for security…
2
6
5
1
6
1
0
Application code testing is performed
2
7
6
1
7
1
0
Application runtime testing is performed
2
6
5
1
5
0
1
Infrastructure-as-Code (IaC) security scanning is performed
2
6
5
1
6
1
0
Application release and deployment processes apply secure…
2
7
6
1
7
1
0
AppSec incident response procedures are documented and…
1
6
5
1
6
1
0
AppSec training is provided to development
1
6
5
1
5
0
1
A Security Champion programme is operated to designate
1
6
5
1
5
0
1

Evidence Coverage

With Evidence
42 (100%)
Strong
27
Adequate
9
Weak
6
No Evidence
0

AI Third Party Domain

32 Controls across 8 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.28
→ 0.00 (0.0%)
since last review
Current
5.44
▲ 0.10 (1.9%)
since last review
Gap
0.84
▼ 0.10 (10.6%)
since last review
Total Controls
32
→ 0 (0.0%)
since last review
At Target
17
▲ 1 (6.2%)
since last review
Below Target
15
▼ 1 (6.2%)
since last review

Per-Objective Detail

ID
Objective
Target
Current
Gap
Controls
At Target
Below Target
6.25
5.75
0.50
4
2
2
6.25
6.00
0.25
4
3
1
6.67
6.00
0.67
3
1
2

Controls Below Target 15

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Third-Party AI compliance with policies
4
6
5
1
5
0
1
Third-party AI tools and services are inventoried
4
6
4
2
4
0
2
Third-party AI assets are classified and tagged with AI…
4
6
4
2
4
0
2
Shadow AI — unauthorised third-party AI use — is detected…
4
6
4
2
5
1
1
Embedded AI capabilities within existing SaaS suppliers are…
4
6
4
2
5
1
1
Human-in-the-loop authorisation is applied to sensitive…
4
6
4
2
6
2
0
Agentic AI activity is logged at action granularity
4
7
5
2
6
1
1
Agentic AI vendor selection follows elevated criteria
4
7
5
2
5
0
2
Emergency suspension and revocation capability for…
2
7
1
6
4
3
3
Approved third-party AI tools
4
6
5
1
5
0
1
Data exposure to third-party AI tools is governed per AI…
4
7
6
1
6
0
1
Third-party AI provider security posture
2
6
5
1
6
1
0
Third-party AI incidents are escalated and managed per the…
2
6
5
1
6
1
0
Third-party AI tool retirement is performed when approval…
1
7
6
1
6
0
1
Retirement outcomes inform Vendor Responsibility Framework…
1
6
5
1
6
1
0

Evidence Coverage

With Evidence
32 (100%)
Strong
20
Adequate
7
Weak
5
No Evidence
0

AI Internally Developed Domain

52 Controls across 10 Objectives. Click any Objective or Control ID to view its full details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Target
6.25
→ 0.00 (0.0%)
since last review
Current
5.48
▲ 0.25 (4.8%)
since last review
Gap
0.77
▼ 0.25 (24.5%)
since last review
Total Controls
52
→ 0 (0.0%)
since last review
At Target
28
▲ 3 (12.0%)
since last review
Below Target
24
▼ 3 (11.1%)
since last review

Per-Objective Detail

Controls Below Target 24

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
AI security compliance with policies
4
6
5
1
5
0
1
In-house AI systems are inventoried and classified
4
6
5
1
5
0
1
Training datasets and AI data assets are inventoried
4
6
5
1
5
0
1
System prompts and AI instructions are inventoried
4
6
3
3
4
1
2
AI data flows and integrations are documented
4
6
5
1
5
0
1
AI security requirements are defined based on AI risk and…
4
7
6
1
7
1
0
Security architecture reviews are performed for new AI…
4
7
6
1
7
1
0
Training data security and integrity controls are applied
4
7
6
1
7
1
0
Secure AI coding standards and code review are applied
4
6
5
1
6
1
0
AI components, models, and dependencies are inventoried and…
4
7
6
1
7
1
0
Training dataset provenance and licensing are verified…
4
6
5
1
6
1
0
AI vulnerabilities are tracked
4
6
5
1
5
0
1
A versioned security evaluation suite gates promotion of AI…
2
7
2
5
5
3
2
AI systems are monitored
2
7
6
1
7
1
0
AI system decommissioning and end-of-life procedures…
2
6
5
1
6
1
0
AI-generated content transparency and provenance…
2
6
1
5
3
2
3
Agent authorisation scope is documented and enforced
2
6
4
2
6
2
0
Human-in-the-loop authorisation is applied to sensitive…
2
6
5
1
5
0
1
Agent defences against prompt injection
1
6
5
1
5
0
1
Emergency suspension and revocation capability for in-house…
2
7
1
6
4
3
3
An AI Security Champion programme is operated to designate
1
6
5
1
5
0
1
Approved in-house AI tools and use cases are defined and…
1
6
5
1
5
0
1
Data exposure to in-house AI tools is governed per AI…
1
6
5
1
6
1
0
Authentication and account hygiene for in-house AI tools is…
1
6
5
1
5
0
1

Evidence Coverage

With Evidence
52 (100%)
Strong
31
Adequate
10
Weak
11
No Evidence
0

Below Target

Every Control where Current is below Target — today's view. Sorted by Gap (largest first). Click any Control ID to view its full details. Pair with the Forecast tab to compare today's gap against the projected next-review gap.

Total Below Target
115
Forecast to Hit Target
48
Forecast Falls Short
67
No Progress Planned
55

Controls Below Target Across All Domains 115

ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Emergency suspension and revocation capability for in-house…
2
7
1
6
4
3
3
Emergency suspension and revocation capability for…
2
7
1
6
4
3
3
AI-generated content transparency and provenance…
2
6
1
5
3
2
3
A versioned security evaluation suite gates promotion of AI…
2
7
2
5
5
3
2
A cross-functional AI governance forum is established with…
2
6
2
4
4
2
2
System prompts and AI instructions are inventoried
4
6
3
3
4
1
2
Agentic AI vendor selection follows elevated criteria
4
7
5
2
5
0
2
Third-party AI tools and services are inventoried
4
6
4
2
4
0
2
Third-party AI assets are classified and tagged with AI…
4
6
4
2
4
0
2
Build pipeline and deployment infrastructure integrity and…
2
7
5
2
5
0
2
Asset integrations
4
6
4
2
4
0
2
External and internal threat intelligence is collected from…
2
6
4
2
4
0
2
AI-specific threat intelligence sources
2
6
4
2
4
0
2
Threat intelligence outputs are disseminated to risk…
2
7
5
2
5
0
2
Phishing and social engineering simulation programmes are…
1
6
4
2
4
0
2
Agentic AI activity is logged at action granularity
4
7
5
2
6
1
1
Shadow AI — unauthorised third-party AI use — is detected…
4
6
4
2
5
1
1
Embedded AI capabilities within existing SaaS suppliers are…
4
6
4
2
5
1
1
Training effectiveness is measured
1
6
4
2
5
1
1
Agent authorisation scope is documented and enforced
2
6
4
2
6
2
0
Human-in-the-loop authorisation is applied to sensitive…
4
6
4
2
6
2
0
Brand-related external exposure
4
6
4
2
6
2
0
Mobile device management is applied to company-managed and…
4
6
4
2
6
2
0
Environmental threats
2
6
4
2
6
2
0
Infrastructure capacity and resource adequacy are monitored
2
6
4
2
6
2
0
Network segmentation isolates environments
4
6
4
2
6
2
0
Segregation of duties for security-sensitive activities is…
4
6
5
1
4
-1
2
General information security training is provided to all…
1
6
5
1
4
-1
2
Human-in-the-loop authorisation is applied to sensitive…
2
6
5
1
5
0
1
Agent defences against prompt injection
1
6
5
1
5
0
1
In-house AI systems are inventoried and classified
4
6
5
1
5
0
1
Training datasets and AI data assets are inventoried
4
6
5
1
5
0
1
AI data flows and integrations are documented
4
6
5
1
5
0
1
AI security compliance with policies
4
6
5
1
5
0
1
An AI Security Champion programme is operated to designate
1
6
5
1
5
0
1
Approved in-house AI tools and use cases are defined and…
1
6
5
1
5
0
1
Authentication and account hygiene for in-house AI tools is…
1
6
5
1
5
0
1
AI vulnerabilities are tracked
4
6
5
1
5
0
1
Third-Party AI compliance with policies
4
6
5
1
5
0
1
Third-party AI tool retirement is performed when approval…
1
7
6
1
6
0
1
Approved third-party AI tools
4
6
5
1
5
0
1
Data exposure to third-party AI tools is governed per AI…
4
7
6
1
6
0
1
Security requirements are defined for applications based on…
4
6
5
1
5
0
1
AppSec procedures are documented
4
6
5
1
5
0
1
AppSec compliance with policies
4
6
5
1
5
0
1
Third-party components and dependencies are inventoried and…
4
7
6
1
6
0
1
Access control is applied to development assets
4
7
6
1
6
0
1
AppSec training is provided to development
1
6
5
1
5
0
1
A Security Champion programme is operated to designate
1
6
5
1
5
0
1
Application runtime testing is performed
2
6
5
1
5
0
1
Endpoint and identity monitoring captures EDR
4
7
6
1
6
0
1
Detection capability
4
6
5
1
5
0
1
Independent reviews of information security are conducted…
1
6
5
1
5
0
1
Intellectual property rights
4
6
5
1
5
0
1
Board of Directors and Executive Team are updated on…
2
6
5
1
5
0
1
Continual improvement of the ISMS is governed through…
2
7
6
1
6
0
1
Personnel onboarding
4
6
5
1
5
0
1
Service assets — including domain management, cloud…
4
6
5
1
5
0
1
Application assets
4
6
5
1
5
0
1
Personal data and special-category data are identified
4
6
5
1
5
0
1
Data flows across the asset estate
4
6
5
1
5
0
1
Data discovery activities are performed to detect…
4
6
5
1
5
0
1
Internet-exposed assets
4
7
6
1
6
0
1
Project-level, change-level, and onboarding-level risk…
2
6
5
1
5
0
1
Access is granted on the principles of least privilege and…
4
6
5
1
5
0
1
Privileged access is governed under additional safeguards
4
6
5
1
5
0
1
Authentication credentials
4
7
6
1
6
0
1
Data handling requirements per classification
4
6
5
1
5
0
1
Endpoint lifecycle
2
7
6
1
6
0
1
Cloud platform and SaaS configurations are governed under…
4
6
5
1
5
0
1
Role-specific information security training is provided to…
1
6
5
1
5
0
1
Vulnerability exceptions are formally requested
1
7
6
1
6
0
1
Threat actor attribution is assessed where evidence…
2
7
6
1
6
0
1
Incident response plans and playbooks
4
6
5
1
5
0
1
AI security requirements are defined based on AI risk and…
4
7
6
1
7
1
0
Security architecture reviews are performed for new AI…
4
7
6
1
7
1
0
AI systems are monitored
2
7
6
1
7
1
0
AI system decommissioning and end-of-life procedures…
2
6
5
1
6
1
0
AI components, models, and dependencies are inventoried and…
4
7
6
1
7
1
0
Training dataset provenance and licensing are verified…
4
6
5
1
6
1
0
Training data security and integrity controls are applied
4
7
6
1
7
1
0
Secure AI coding standards and code review are applied
4
6
5
1
6
1
0
Data exposure to in-house AI tools is governed per AI…
1
6
5
1
6
1
0
Third-party AI incidents are escalated and managed per the…
2
6
5
1
6
1
0
Third-party AI provider security posture
2
6
5
1
6
1
0
Retirement outcomes inform Vendor Responsibility Framework…
1
6
5
1
6
1
0
Secrets are inventoried
4
6
5
1
6
1
0
Privacy by design and Data Protection Impact Assessments…
4
6
5
1
6
1
0
Application release and deployment processes apply secure…
2
7
6
1
7
1
0
AppSec incident response procedures are documented and…
1
6
5
1
6
1
0
Third-party component selection follows defined security…
4
6
5
1
6
1
0
Container images and registries are managed for security…
2
6
5
1
6
1
0
Cryptography is applied to protect data within applications…
4
6
5
1
6
1
0
Security is addressed from the start of development (OWASP…
4
7
6
1
7
1
0
Digital identities are secured (OWASP C7) OWASP Top 10…
4
6
5
1
6
1
0
Application code testing is performed
2
7
6
1
7
1
0
Infrastructure-as-Code (IaC) security scanning is performed
2
6
5
1
6
1
0
Logs are generated across in-scope assets covering…
4
7
6
1
7
1
0
Sensitive data access
4
7
6
1
7
1
0
Hunt outcomes — confirmed threats, new detection content…
1
6
5
1
6
1
0
External attack surface findings are prioritised
4
7
6
1
7
1
0
Threat inputs from IDE.TM
4
7
6
1
7
1
0
Supplier termination and offboarding are governed by…
1
6
5
1
6
1
0
Data backup is performed
4
6
5
1
6
1
0
Email and messaging security policy
4
6
5
1
6
1
0
Email security service
4
6
5
1
6
1
0
Messaging and collaboration platform security
4
6
5
1
6
1
0
Endpoint protection
4
6
5
1
6
1
0
Security champion networks are established across functions…
1
6
5
1
6
1
0
Vulnerabilities are remediated through patching
1
6
5
1
6
1
0
Supplier and third-party coordination during recovery is…
2
7
6
1
7
1
0
Recovery tooling and infrastructure
4
7
6
1
7
1
0
Recovery exercises
4
7
6
1
7
1
0
Heightened post-recovery monitoring is maintained for a…
4
6
5
1
6
1
0
Specialty incident classes
4
7
6
1
7
1
0

Domain × Objective Maturity Heatmap

Click any cell to view that Objective's details.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
Domain
Obj 1
Obj 2
Obj 3
Obj 4
Obj 5
Obj 6
Obj 7
Obj 8
Obj 9
Obj 10
Govern
Identify
Protect
Detect
Respond
Recover
AppSec
AI Third Party
AI Internally Developed

Continuous Threat Exposure Management

Aligned with Gartner’s CTEM framework. Exposures (operational work queue), Threats (taxonomy), Validations (empirical evidence), Sources (data feeds). Single source of truth for the CTEM programme; downstream artefacts derive from this register.

Active Exposures
608
of 1619 total
Above Tolerance
608
Critical/High open
Avg MTTR
0 d
remediated this period
Validation Freshness
25%
threats validated (90d)
Catalogue Size
60
threats / 12 sources

CTEM Cycle

Scoping
12
What's in scope
Discovery
608
Identified, not yet validated
Prioritization
0
Validated, awaiting work plan
Validation
0
Confirmed exploitable
Mobilization
0
Remediation in flight

Exposures — Operational Queue

Sorted by lifecycle stage (active first) then priority. Click any row to expand. Filter below — defaults to active Critical/High.

Quick view:
Status:
Priority:
Showing of exposures.Pills toggle on/off — filled = visible. Click a Quick view to reset.
ExposureThreatPrioritySourceIdentifiedOwnerStatus
EXP-KEV-0177External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-6693 | Fortinet FortiOS | Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability | KEV added: 2025-06-25 | KEV due: 2025-07-16 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0224Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-29824 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | KEV added: 2025-04-08 | KEV due: 2025-04-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0232External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24472 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | KEV added: 2025-03-18 | KEV due: 2025-04-08 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0239Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-26633 | Microsoft Windows | Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0248Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8639 | Microsoft Windows | Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0278External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-55591 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | KEV added: 2025-01-14 | KEV due: 2025-01-21 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0298Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-9474 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0299External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-0012 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0306Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-49039 | Microsoft Windows | Microsoft Windows Task Scheduler Privilege Escalation Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0318Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-30088 | Microsoft Windows | Microsoft Windows Kernel TOCTOU Race Condition Vulnerability | KEV added: 2024-10-15 | KEV due: 2024-11-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0344Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-1000253 | Linux Kernel | Linux Kernel PIE Stack Buffer Corruption Vulnerability | KEV added: 2024-09-09 | KEV due: 2024-09-30 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0377Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-26169 | Microsoft Windows | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | KEV added: 2024-06-13 | KEV due: 2024-07-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0382Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-1086 | Linux Kernel | Linux Kernel Use-After-Free Vulnerability | KEV added: 2024-05-30 | KEV due: 2024-06-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0396Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-3400 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Command Injection Vulnerability | KEV added: 2024-04-12 | KEV due: 2024-04-19 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0408Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-21338 | Microsoft Windows | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | KEV added: 2024-03-04 | KEV due: 2024-03-25 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0411Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-21412 | Microsoft Windows | Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | KEV added: 2024-02-13 | KEV due: 2024-03-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0414Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-21762 | Fortinet FortiOS | Fortinet FortiOS Out-of-Bound Write Vulnerability | KEV added: 2024-02-09 | KEV due: 2024-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0418Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-22527 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Template Injection Vulnerability | KEV added: 2024-01-24 | KEV due: 2024-02-14 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-0457Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-22518 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Improper Authorization Vulnerability | KEV added: 2023-11-07 | KEV due: 2023-11-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0468Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-22515 | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Broken Access Control Vulnerability | KEV added: 2023-10-05 | KEV due: 2023-10-13 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-0499Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36884 | Microsoft Windows | Microsoft Windows Search Remote Code Execution Vulnerability | KEV added: 2023-07-17 | KEV due: 2023-08-29 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0524External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-27997 | Fortinet FortiOS and FortiProxy SSL-VPN | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability | KEV added: 2023-06-13 | KEV due: 2023-07-04 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0552Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-28252 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2023-04-11 | KEV due: 2023-05-02 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0558Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1388 | Microsoft Windows | Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0570Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-24880 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV added: 2023-03-14 | KEV due: 2023-04-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0580Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-23376 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2023-02-14 | KEV due: 2023-03-07 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0594External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-42475 | Fortinet FortiOS | Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0602Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41091 | Microsoft Windows | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-12-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0603Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41073 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-12-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0614External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-40684 | Fortinet Multiple Products | Fortinet Multiple Products Authentication Bypass Vulnerability | KEV added: 2022-10-11 | KEV due: 2022-11-01 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0632Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-6530 | D-Link Multiple Routers | D-Link Multiple Routers OS Command Injection Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0634External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-13374 | Fortinet FortiOS and FortiADC | Fortinet FortiOS and FortiADC Improper Access Control Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | RANSOMWARE-LINKED | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0667Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-30190 | Microsoft Windows | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV added: 2022-06-14 | KEV due: 2022-07-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0699Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26134 | Atlassian Confluence Server/Data Center | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | KEV added: 2022-06-02 | KEV due: 2022-06-06 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-0726Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0147 | Microsoft SMBv1 server | Microsoft Windows SMBv1 Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0752Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1385 | Microsoft Windows | Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0753Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1130 | Microsoft Windows | Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0769Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-16057 | D-Link DNS-320 Storage Device | D-Link DNS-320 Remote Code Execution Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0776Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-24521 | Microsoft Windows | Microsoft Windows CLFS Driver Privilege Escalation Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0786Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-42287 | Microsoft Active Directory | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0787Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-42278 | Microsoft Active Directory | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0793Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0148 | Microsoft SMBv1 server | Microsoft SMBv1 Server Remote Code Execution Vulnerability | KEV added: 2022-04-06 | KEV due: 2022-04-27 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0803User Execution (T1204)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-38646 | Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'office' → THR-012

EXP-KEV-0805Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-26085 | Atlassian Confluence Server | Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-0808Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8440 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0809Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0213 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0814Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0151 | Microsoft Client-Server Run-time Subsystem (CSRSS) | Microsoft Windows CSRSS Security Feature Bypass Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0825Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-21999 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0832External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-2021 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0856Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-12615 | Apache Tomcat | Apache Tomcat on Windows Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0857Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0146 | Microsoft Windows | Microsoft Windows SMB Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0882Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1405 | Microsoft Windows | Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0883Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1322 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0884Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1315 | Microsoft Windows | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0885Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1253 | Microsoft Windows | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0887Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1129 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0888Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1064 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0889Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0841 | Microsoft Windows | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0890Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0543 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0891Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8120 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0892Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0101 | Microsoft Windows | Microsoft Windows Transaction Manager Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0893Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-3309 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0894Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2546 | Microsoft Win32k | Microsoft Win32k Memory Corruption Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0902Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-41379 | Microsoft Windows | Microsoft Windows Installer Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0952Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0099 | Microsoft Windows | Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0959Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1701 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0973Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-0188 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0976Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2008-2992 | Adobe Acrobat and Reader | Adobe Reader and Acrobat Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0986Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8174 | Microsoft Windows | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0993Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0796 | Microsoft SMBv3 | Microsoft SMBv3 Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0999Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0145 | Microsoft SMBv1 | Microsoft SMBv1 Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1000Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0144 | Microsoft SMBv1 | Microsoft SMBv1 Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1008Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0787 | Microsoft Windows | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-1014Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8453 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-07-21 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1030Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1458 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1032External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-13382 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Improper Authorization | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-1033Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-13383 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Out-of-bounds Write | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1034External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1579 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Mapping: Product match: 'globalprotect' → THR-005

EXP-KEV-1039Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-43890 | Microsoft Windows | Microsoft Windows AppX Installer Spoofing Vulnerability | KEV added: 2021-12-15 | KEV due: 2021-12-29 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1055Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-40449 | Microsoft Windows | Microsoft Windows Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-17 | KEV due: 2021-12-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1070Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-42013 | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1071Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-41773 | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1106Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-26084 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-1107Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-3396 | Atlassian Confluence Server and Data Server | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1138Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-12812 | Fortinet FortiOS | Fortinet FortiOS SSL VPN Improper Authentication Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1139Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-13379 | Fortinet FortiOS | Fortinet FortiOS SSL VPN Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1171OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-1812 | Microsoft Windows | Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'active directory' → THR-024

EXP-KEV-1172Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0878 | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1190Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0143 | Microsoft Windows | Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1191Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0708 | Microsoft Remote Desktop Services | Microsoft Remote Desktop Services Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1194Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1732 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1195Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-34527 | Microsoft Windows | Microsoft Windows Print Spooler Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-1201Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-40444 | Microsoft MSHTML | Microsoft MSHTML Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1204OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-36942 | Microsoft Windows | Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'ntlm' → THR-024

EXP-KEV-1205Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1215 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1211Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-11882 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1215User Execution (T1204)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0199 | Microsoft Office and WordPad | Microsoft Office and WordPad Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'office' → THR-012

EXP-KEV-1224Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1675 | Microsoft Windows | Microsoft Windows Print Spooler Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1233Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-36955 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1418Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-30051 | Microsoft DWM Core Library | Microsoft DWM Core Library Privilege Escalation Vulnerability | KEV added: 2024-05-14 | KEV due: 2024-06-04 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1458Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-44698 | Microsoft Defender | Microsoft Defender SmartScreen Security Feature Bypass Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1495Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0638 | Microsoft Update Notification Manager | Microsoft Update Notification Manager Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1512Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8406 | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1513Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8405 | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1530Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1069 | Microsoft Task Scheduler | Microsoft Task Scheduler Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1572Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-11580 | Atlassian Crowd and Crowd Data Center | Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1581Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0167 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1592Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1472 | Microsoft Netlogon | Microsoft Netlogon Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-0002Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-11645 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | KEV added: 2026-06-09 | KEV due: 2026-06-23 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0006Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-0492 | Linux Kernel | Linux Kernel Improper Authentication Vulnerability | KEV added: 2026-06-02 | KEV due: 2026-06-05 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0007Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-48595 | Android Framework | Android Framework Integer Overflow Vulnerability | KEV added: 2026-06-02 | KEV due: 2026-06-05 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0008External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-0257 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV added: 2026-05-29 | KEV due: 2026-06-01 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0010Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2008-4250 | Microsoft Windows | Microsoft Windows Buffer Overflow Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0011Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-3459 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0013Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-42897 | Microsoft Microsoft | Microsoft Exchange Server Cross-Site Scripting Vulnerability | KEV added: 2026-05-15 | KEV due: 2026-05-29 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0017Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-0300 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability | KEV added: 2026-05-06 | KEV due: 2026-05-09 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0018Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-31431 | Linux Kernel | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability | KEV added: 2026-05-01 | KEV due: 2026-05-15 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0021Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-32202 | Microsoft Windows | Microsoft Windows Protection Mechanism Failure Vulnerability | KEV added: 2026-04-28 | KEV due: 2026-05-12 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0022Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-29635 | D-Link DIR-823X | D-Link DIR-823X Command Injection Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0031Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-0238 | Microsoft Office | Microsoft Office Remote Code Execution | KEV added: 2026-04-14 | KEV due: 2026-04-28 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0033Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-60710 | Microsoft Windows | Microsoft Windows Link Following Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0035Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36424 | Microsoft Windows | Microsoft Windows Out-of-Bounds Read Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0036Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9715 | Adobe Acrobat | Adobe Acrobat Use-After-Free Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0040Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-5281 | Google Dawn | Google Dawn Use-After-Free Vulnerability | KEV added: 2026-04-01 | KEV due: 2026-04-15 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0045Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-43510 | Apple Multiple Products | Apple Multiple Products Improper Locking Vulnerability | KEV added: 2026-03-20 | KEV due: 2026-04-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0046Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-43520 | Apple Multiple Products | Apple Multiple Products Classic Buffer Overflow Vulnerability | KEV added: 2026-03-20 | KEV due: 2026-04-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0047Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-31277 | Apple Multiple Products | Apple Multiple Products Buffer Overflow Vulnerability | KEV added: 2026-03-20 | KEV due: 2026-04-03 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0051Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-3910 | Google Chromium V8 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability | KEV added: 2026-03-13 | KEV due: 2026-03-27 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0052Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-3909 | Google Skia | Google Skia Out-of-Bounds Write Vulnerability | KEV added: 2026-03-13 | KEV due: 2026-03-27 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0057Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-43000 | Apple Multiple Products | Apple Multiple products Use-After-Free Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0058Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30952 | Apple Multiple Products | Apple Multiple Products Integer Overflow or Wraparound Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0059Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41974 | Apple iOS and iPadOS | Apple iOS and iPadOS Use-After-Free Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0068Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2008-0015 | Microsoft Windows | Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0069Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-2441 | Google Chromium | Google Chromium CSS Use-After-Free Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0071Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-20700 | Apple Multiple Products | Apple Multiple Buffer Overflow Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-03-05 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0073Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21513 | Microsoft Windows | Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0074Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21525 | Microsoft Windows | Microsoft Windows NULL Pointer Dereference Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0075Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21510 | Microsoft Windows | Microsoft Windows Shell Protection Mechanism Failure Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0076Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21533 | Microsoft Windows | Microsoft Windows Improper Privilege Management Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0077Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21519 | Microsoft Windows | Microsoft Windows Type Confusion Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0078User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21514 | Microsoft Office | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | KEV added: 2026-02-10 | KEV due: 2026-03-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0085External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-24858 | Fortinet Multiple Products | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2026-01-27 | KEV due: 2026-01-30 | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0086Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-14634 | Linux Kernel | Linux Kernel Integer Overflow Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0088User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-21509 | Microsoft Office | Microsoft Office Security Feature Bypass Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0093Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-20805 | Microsoft Windows | Microsoft Windows Information Disclosure Vulnerability | KEV added: 2026-01-13 | KEV due: 2026-02-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0095Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-0556 | Microsoft Office | Microsoft Office PowerPoint Code Injection Vulnerability | KEV added: 2026-01-07 | KEV due: 2026-01-28 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0102External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-59718 | Fortinet Multiple Products | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | KEV added: 2025-12-16 | KEV due: 2025-12-23 | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0103Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-43529 | Apple Multiple Products | Apple Multiple Products Use-After-Free WebKit Vulnerability | KEV added: 2025-12-15 | KEV due: 2026-01-05 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0105Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-14174 | Google Chromium | Google Chromium Out of Bounds Memory Access Vulnerability | KEV added: 2025-12-12 | KEV due: 2026-01-02 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0107Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-62221 | Microsoft Windows | Microsoft Windows Use After Free Vulnerability | KEV added: 2025-12-09 | KEV due: 2025-12-30 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0110Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-48633 | Android Framework | Android Framework Information Disclosure Vulnerability | KEV added: 2025-12-02 | KEV due: 2025-12-23 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0111Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-48572 | Android Framework | Android Framework Privilege Escalation Vulnerability | KEV added: 2025-12-02 | KEV due: 2025-12-23 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0113Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-58034 | Fortinet FortiWeb | Fortinet FortiWeb OS Command Injection Vulnerability | KEV added: 2025-11-18 | KEV due: 2025-11-25 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0114External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-64446 | Fortinet FortiWeb | Fortinet FortiWeb Path Traversal Vulnerability | KEV added: 2025-11-14 | KEV due: 2025-11-21 | Mapping: Product match: 'fortinet' → THR-005

EXP-KEV-0115Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-62215 | Microsoft Windows | Microsoft Windows Race Condition Vulnerability | KEV added: 2025-11-12 | KEV due: 2025-12-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0122Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-59287 | Microsoft Windows | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | KEV added: 2025-10-24 | KEV due: 2025-11-14 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0123Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-48503 | Apple Multiple Products | Apple Multiple Products Unspecified Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0124Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-33073 | Microsoft Windows | Microsoft Windows SMB Client Improper Access Control Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0127Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24990 | Microsoft Windows | Microsoft Windows Untrusted Pointer Dereference Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0128Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-59230 | Microsoft Windows | Microsoft Windows Improper Access Control Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0132Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-22555 | Linux Kernel | Linux Kernel Heap Out-of-Bounds Write Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0133Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-43226 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0134Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-3918 | Microsoft Windows | Microsoft Windows Out-of-Bounds Write Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0135Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2011-3402 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0149Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-38352 | Linux Kernel | Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability | KEV added: 2025-09-04 | KEV due: 2025-09-25 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0150Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-48543 | Android Runtime | Android Runtime Use-After-Free Vulnerability | KEV added: 2025-09-04 | KEV due: 2025-09-25 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0158Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-43300 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | KEV added: 2025-08-21 | KEV due: 2025-09-11 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0161User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2007-0671 | Microsoft Office | Microsoft Office Excel Remote Code Execution Vulnerability | KEV added: 2025-08-12 | KEV due: 2025-09-02 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0162Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-25079 | D-Link DCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability | KEV added: 2025-08-05 | KEV due: 2025-08-26 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0164Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-6558 | Google Chromium | Google Chromium ANGLE and GPU Improper Input Validation Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0168SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-25257 | Fortinet FortiWeb | Fortinet FortiWeb SQL Injection Vulnerability | KEV added: 2025-07-18 | KEV due: 2025-08-08 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0174Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-6554 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2025-07-02 | KEV due: 2025-07-23 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0178Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-0769 | D-Link DIR-859 Router | D-Link DIR-859 Router Path Traversal Vulnerability | KEV added: 2025-06-25 | KEV due: 2025-07-16 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0179Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-0386 | Linux Kernel | Linux Kernel Improper Ownership Management Vulnerability | KEV added: 2025-06-17 | KEV due: 2025-07-08 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0181Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-43200 | Apple Multiple Products | Apple Multiple Products Unspecified Vulnerability | KEV added: 2025-06-16 | KEV due: 2025-07-07 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0182Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-33053 | Microsoft Windows | Microsoft Windows External Control of File Name or Path Vulnerability | KEV added: 2025-06-10 | KEV due: 2025-07-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0185Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-5419 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | KEV added: 2025-06-05 | KEV due: 2025-06-26 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0203External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-32756 | Fortinet Multiple Products | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-05-14 | KEV due: 2025-06-04 | Mapping: Product match: 'fortinet' → THR-005

EXP-KEV-0204Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-32709 | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | KEV added: 2025-05-13 | KEV due: 2025-06-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0205Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-30397 | Microsoft Windows | Microsoft Windows Scripting Engine Type Confusion Vulnerability | KEV added: 2025-05-13 | KEV due: 2025-06-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0206Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-32706 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | KEV added: 2025-05-13 | KEV due: 2025-06-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0207Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-32701 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | KEV added: 2025-05-13 | KEV due: 2025-06-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0208Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-30400 | Microsoft Windows | Microsoft Windows DWM Core Library Use-After-Free Vulnerability | KEV added: 2025-05-13 | KEV due: 2025-06-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0213Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38475 | Apache HTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability | KEV added: 2025-05-01 | KEV due: 2025-05-22 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0218OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24054 | Microsoft Windows | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | KEV added: 2025-04-17 | KEV due: 2025-05-08 | Mapping: Product match: 'ntlm' → THR-024

EXP-KEV-0219Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-31201 | Apple Multiple Products | Apple Multiple Products Arbitrary Read and Write Vulnerability | KEV added: 2025-04-17 | KEV due: 2025-05-08 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0220Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-31200 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2025-04-17 | KEV due: 2025-05-08 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0222Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-53150 | Linux Kernel | Linux Kernel Out-of-Bounds Read Vulnerability | KEV added: 2025-04-09 | KEV due: 2025-04-30 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0223Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-53197 | Linux Kernel | Linux Kernel Out-of-Bounds Access Vulnerability | KEV added: 2025-04-09 | KEV due: 2025-04-30 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0226Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24813 | Apache Tomcat | Apache Tomcat Path Equivalence Vulnerability | KEV added: 2025-04-01 | KEV due: 2025-04-22 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0227Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-2783 | Google Chromium Mojo | Google Chromium Mojo Sandbox Escape Vulnerability | KEV added: 2025-03-27 | KEV due: 2025-04-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0233Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24201 | Apple Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | KEV added: 2025-03-13 | KEV due: 2025-04-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0234Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24993 | Microsoft Windows | Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0235Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24991 | Microsoft Windows | Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0236Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24985 | Microsoft Windows | Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0237Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24984 | Microsoft Windows | Microsoft Windows NTFS Information Disclosure Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0238Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24983 | Microsoft Windows | Microsoft Windows Win32k Use-After-Free Vulnerability | KEV added: 2025-03-11 | KEV due: 2025-04-01 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0246Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-50302 | Linux Kernel | Linux Kernel Use of Uninitialized Resource Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0255External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-0111 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS File Read Vulnerability | KEV added: 2025-02-20 | KEV due: 2025-03-13 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0257External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-0108 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV added: 2025-02-18 | KEV due: 2025-03-11 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0260Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24200 | Apple iOS and iPadOS | Apple iOS and iPadOS Incorrect Authorization Vulnerability | KEV added: 2025-02-12 | KEV due: 2025-03-05 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0263Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-21418 | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0264Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-21391 | Microsoft Windows | Microsoft Windows Storage Link Following Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0267Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-21413 | Microsoft Office Outlook | Microsoft Outlook Improper Input Validation Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0268Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-53104 | Linux Kernel | Linux Kernel Out-of-Bounds Write Vulnerability | KEV added: 2025-02-05 | KEV due: 2025-02-26 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0271Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-24085 | Apple Multiple Products | Apple Multiple Products Use-After-Free Vulnerability | KEV added: 2025-01-29 | KEV due: 2025-02-19 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0275Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-21335 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | KEV added: 2025-01-14 | KEV due: 2025-02-04 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0276Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-21334 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | KEV added: 2025-01-14 | KEV due: 2025-02-04 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0277Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-21333 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability | KEV added: 2025-01-14 | KEV due: 2025-02-04 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0283External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-3393 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability | KEV added: 2024-12-30 | KEV due: 2025-01-20 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0289Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-35250 | Microsoft Windows | Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability | KEV added: 2024-12-16 | KEV due: 2025-01-06 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0291Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-49138 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | KEV added: 2024-12-10 | KEV due: 2024-12-31 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0296Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-44309 | Apple Multiple Products | Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-11-21 | KEV due: 2024-12-12 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0297Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-44308 | Apple Multiple Products | Apple Multiple Products Code Execution Vulnerability | KEV added: 2024-11-21 | KEV due: 2024-12-12 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0301SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-9465 | Palo Alto Networks Expedition | Palo Alto Networks Expedition SQL Injection Vulnerability | KEV added: 2024-11-14 | KEV due: 2024-12-05 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0302Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-9463 | Palo Alto Networks Expedition | Palo Alto Networks Expedition OS Command Injection Vulnerability | KEV added: 2024-11-14 | KEV due: 2024-12-05 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0303Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-26086 | Atlassian Jira Server and Data Center | Atlassian Jira Server and Data Center Path Traversal Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0305OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-43451 | Microsoft Windows | Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Mapping: Product match: 'ntlm' → THR-024

EXP-KEV-0308Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-43093 | Android Framework | Android Framework Privilege Escalation Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0309External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-5910 | Palo Alto Networks Expedition | Palo Alto Networks Expedition Missing Authentication Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0321External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-23113 | Fortinet Multiple Products | Fortinet Multiple Products Format String Vulnerability | KEV added: 2024-10-09 | KEV due: 2024-10-30 | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-0322Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-43573 | Microsoft Windows | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV added: 2024-10-08 | KEV due: 2024-10-29 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0323Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-43572 | Microsoft Windows | Microsoft Windows Management Console Remote Code Execution Vulnerability | KEV added: 2024-10-08 | KEV due: 2024-10-29 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0328Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-25280 | D-Link DIR-820 Router | D-Link DIR-820 Router OS Command Injection Vulnerability | KEV added: 2024-09-30 | KEV due: 2024-10-21 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0332Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0618 | Microsoft SQL Server | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0339Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-43461 | Microsoft Windows | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV added: 2024-09-16 | KEV due: 2024-10-07 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0341User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38217 | Microsoft Windows | Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability | KEV added: 2024-09-10 | KEV due: 2024-10-01 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0342Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38014 | Microsoft Windows | Microsoft Windows Installer Improper Privilege Management Vulnerability | KEV added: 2024-09-10 | KEV due: 2024-10-01 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0343User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38226 | Microsoft Publisher | Microsoft Publisher Protection Mechanism Failure Vulnerability | KEV added: 2024-09-10 | KEV due: 2024-10-01 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0349Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-7965 | Google Chromium V8 | Google Chromium V8 Inappropriate Implementation Vulnerability | KEV added: 2024-08-28 | KEV due: 2024-09-18 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0351Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-7971 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2024-08-26 | KEV due: 2024-09-16 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0354Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-0185 | Linux Kernel | Linux Kernel Heap-Based Buffer Overflow Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0359Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38107 | Microsoft Windows | Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0360Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38106 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0361Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38193 | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0362Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38213 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0363Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38178 | Microsoft Windows | Microsoft Windows Scripting Engine Memory Corruption Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0364Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38189 | Microsoft Project | Microsoft Project Remote Code Execution Vulnerability | KEV added: 2024-08-13 | KEV due: 2024-09-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0366Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-36971 | Android Kernel | Android Kernel Remote Code Execution Vulnerability | KEV added: 2024-08-07 | KEV due: 2024-08-28 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0367Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-0824 | Microsoft Windows | Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability | KEV added: 2024-08-05 | KEV due: 2024-08-26 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0372Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38080 | Microsoft Windows | Microsoft Windows Hyper-V Privilege Escalation Vulnerability | KEV added: 2024-07-09 | KEV due: 2024-07-30 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0373Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-38112 | Microsoft Windows | Microsoft Windows MSHTML Platform Spoofing Vulnerability | KEV added: 2024-07-09 | KEV due: 2024-07-30 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0375Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-2586 | Linux Kernel | Linux Kernel Use-After-Free Vulnerability | KEV added: 2024-06-26 | KEV due: 2024-07-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0384Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-5274 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2024-05-28 | KEV due: 2024-06-18 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0387Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-4761 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Memory Write Vulnerability | KEV added: 2024-05-16 | KEV due: 2024-06-06 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0388Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-40655 | D-Link DIR-605 Router | D-Link DIR-605 Router Information Disclosure Vulnerability | KEV added: 2024-05-16 | KEV due: 2024-06-06 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0389Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-100005 | D-Link DIR-600 Router | D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability | KEV added: 2024-05-16 | KEV due: 2024-06-06 | Mapping: CWE mapping: CWE-352 → THR-006

EXP-KEV-0390Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-30040 | Microsoft Windows | Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | KEV added: 2024-05-14 | KEV due: 2024-06-04 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0391Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-4671 | Google Chromium | Google Chromium Visuals Use-After-Free Vulnerability | KEV added: 2024-05-13 | KEV due: 2024-06-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0395Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-38028 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV added: 2024-04-23 | KEV due: 2024-05-14 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0397Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-3273 | D-Link Multiple NAS Devices | D-Link Multiple NAS Devices Command Injection Vulnerability | KEV added: 2024-04-11 | KEV due: 2024-05-02 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0404Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-23225 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2024-03-06 | KEV due: 2024-03-27 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0405Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-23296 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2024-03-06 | KEV due: 2024-03-27 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0412Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-21351 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV added: 2024-02-13 | KEV due: 2024-03-05 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0415Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-4762 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2024-02-06 | KEV due: 2024-02-27 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0416Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-48618 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2024-01-31 | KEV due: 2024-02-21 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0419Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-23222 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | KEV added: 2024-01-23 | KEV due: 2024-02-13 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0422Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-0519 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Memory Access Vulnerability | KEV added: 2024-01-17 | KEV due: 2024-02-07 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0430Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-20017 | D-Link DSL-2750B Devices | D-Link DSL-2750B Devices Command Injection Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0431Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41990 | Apple Multiple Products | Apple Multiple Products Code Execution Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0442Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-42917 | Apple Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability | KEV added: 2023-12-04 | KEV due: 2023-12-25 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0443Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-42916 | Apple Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | KEV added: 2023-12-04 | KEV due: 2023-12-25 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0444Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-6345 | Google Chromium Skia | Google Skia Integer Overflow Vulnerability | KEV added: 2023-11-30 | KEV due: 2023-12-21 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0446Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36584 | Microsoft Windows | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | KEV added: 2023-11-16 | KEV due: 2023-12-07 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0448Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36033 | Microsoft Windows | Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | KEV added: 2023-11-14 | KEV due: 2023-12-05 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0449Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36025 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV added: 2023-11-14 | KEV due: 2023-12-05 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0450Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36036 | Microsoft Windows | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | KEV added: 2023-11-14 | KEV due: 2023-12-05 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0464Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-21608 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0466Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41763 | Microsoft Skype for Business | Microsoft Skype for Business Privilege Escalation Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0467Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36563 | Microsoft WordPad | Microsoft WordPad Information Disclosure Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0470Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-42824 | Apple iOS and iPadOS | Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | KEV added: 2023-10-05 | KEV due: 2023-10-26 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0471Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | KEV added: 2023-10-04 | KEV due: 2023-10-25 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0473Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-5217 | Google Chromium libvpx | Google Chromium libvpx Heap Buffer Overflow Vulnerability | KEV added: 2023-10-02 | KEV due: 2023-10-23 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0475Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41991 | Apple Multiple Products | Apple Multiple Products Improper Certificate Validation Vulnerability | KEV added: 2023-09-25 | KEV due: 2023-10-16 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0476Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41992 | Apple Multiple Products | Apple Multiple Products Kernel Privilege Escalation Vulnerability | KEV added: 2023-09-25 | KEV due: 2023-10-16 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0477Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41993 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability | KEV added: 2023-09-25 | KEV due: 2023-10-16 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0481Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-26369 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability | KEV added: 2023-09-14 | KEV due: 2023-10-05 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0482Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-35674 | Android Framework | Android Framework Privilege Escalation Vulnerability | KEV added: 2023-09-13 | KEV due: 2023-10-04 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0484Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-4863 | Google Chromium WebP | Google Chromium WebP Heap-Based Buffer Overflow Vulnerability | KEV added: 2023-09-13 | KEV due: 2023-10-04 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0485Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36802 | Microsoft Streaming Service Proxy | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | KEV added: 2023-09-12 | KEV due: 2023-10-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0486Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41064 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | KEV added: 2023-09-11 | KEV due: 2023-10-02 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0487Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-41061 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | KEV added: 2023-09-11 | KEV due: 2023-10-02 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0496Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-38606 | Apple Multiple Products | Apple Multiple Products Kernel Unspecified Vulnerability | KEV added: 2023-07-26 | KEV due: 2023-08-16 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0501Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-37450 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability | KEV added: 2023-07-13 | KEV due: 2023-08-03 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0502Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32046 | Microsoft Windows | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0503Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32049 | Microsoft Windows | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0504Spear Phishing Attachment (T1566.001)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-002 — Spear Phishing Attachment
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-35311 | Microsoft Outlook | Microsoft Outlook Security Feature Bypass Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | Mapping: Product match: 'outlook' → THR-002

EXP-KEV-0505Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36874 | Microsoft Windows | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0508Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-17621 | D-Link DIR-859 Router | D-Link DIR-859 Router Command Execution Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0509Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-20500 | D-Link DWL-2600AP Access Point | D-Link DWL-2600AP Access Point Command Injection Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0514Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32434 | Apple Multiple Products | Apple Multiple Products Integer Overflow Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0515Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32435 | Apple Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0516Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32439 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0525Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-3079 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2023-06-07 | KEV due: 2023-06-28 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0531Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32409 | Apple Multiple Products | Apple Multiple Products WebKit Sandbox Escape Vulnerability | KEV added: 2023-05-22 | KEV due: 2023-06-12 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0532Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-28204 | Apple Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | KEV added: 2023-05-22 | KEV due: 2023-06-12 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0533Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-32373 | Apple Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | KEV added: 2023-05-22 | KEV due: 2023-06-12 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0539Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-0196 | Linux Kernel | Linux Kernel Race Condition Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0540Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-3904 | Linux Kernel | Linux Kernel Improper Input Validation Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0542Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-8735 | Apache Tomcat | Apache Tomcat Remote Code Execution Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0543Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-29336 | Microsoft Win32k | Microsoft Win32K Privilege Escalation Vulnerability | KEV added: 2023-05-09 | KEV due: 2023-05-30 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0546Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-2136 | Google Chromium Skia | Google Chrome Skia Integer Overflow Vulnerability | KEV added: 2023-04-21 | KEV due: 2023-05-12 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0548Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-8526 | Apple macOS | Apple macOS Use-After-Free Vulnerability | KEV added: 2023-04-17 | KEV due: 2023-05-08 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0549Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-2033 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2023-04-17 | KEV due: 2023-05-08 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0550Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-20963 | Android Framework | Android Framework Privilege Escalation Vulnerability | KEV added: 2023-04-13 | KEV due: 2023-05-04 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0553Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-28205 | Apple Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | KEV added: 2023-04-10 | KEV due: 2023-05-01 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0554Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-28206 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | KEV added: 2023-04-10 | KEV due: 2023-05-01 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0564Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30900 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0566Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-0266 | Linux Kernel | Linux Kernel Use-After-Free Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0567Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-3038 | Google Chromium Network Service | Google Chromium Network Service Use-After-Free Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0569Spear Phishing Attachment (T1566.001)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-002 — Spear Phishing Attachment
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-23397 | Microsoft Office | Microsoft Office Outlook Privilege Escalation Vulnerability | KEV added: 2023-03-14 | KEV due: 2023-04-04 | Mapping: Product match: 'outlook' → THR-002

EXP-KEV-0571Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41328 | Fortinet FortiOS | Fortinet FortiOS Path Traversal Vulnerability | KEV added: 2023-03-14 | KEV due: 2023-04-04 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0579Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-21715 | Microsoft Office | Microsoft Office Publisher Security Feature Bypass Vulnerability | KEV added: 2023-02-14 | KEV due: 2023-03-07 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0581Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-23529 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | KEV added: 2023-02-14 | KEV due: 2023-03-07 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-0582Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-21823 | Microsoft Windows | Microsoft Windows Graphic Component Privilege Escalation Vulnerability | KEV added: 2023-02-14 | KEV due: 2023-03-07 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0590Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-21674 | Microsoft Windows | Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | KEV added: 2023-01-10 | KEV due: 2023-01-31 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0593Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-42856 | Apple iOS | Apple iOS Type Confusion Vulnerability | KEV added: 2022-12-14 | KEV due: 2023-01-04 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0598Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-4262 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2022-12-05 | KEV due: 2022-12-26 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0600Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-4135 | Google Chromium GPU | Google Chromium GPU Heap Buffer Overflow Vulnerability | KEV added: 2022-11-28 | KEV due: 2022-12-19 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0601Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41049 | Microsoft Windows | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | KEV added: 2022-11-14 | KEV due: 2022-12-09 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0604Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41125 | Microsoft Windows | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-12-09 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0605Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41128 | Microsoft Windows | Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-12-09 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0608Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-3723 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2022-10-28 | KEV due: 2022-11-18 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0609Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-42827 | Apple iOS and iPadOS | Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | KEV added: 2022-10-25 | KEV due: 2022-11-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0613Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-3493 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability | KEV added: 2022-10-20 | KEV due: 2022-11-10 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0615Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-41033 | Microsoft Windows COM+ Event System Service | Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | KEV added: 2022-10-11 | KEV due: 2022-11-01 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0618Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-36804 | Atlassian Bitbucket Server and Data Center | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability | KEV added: 2022-09-30 | KEV due: 2022-10-21 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0621Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-6282 | Linux Kernel | Linux Kernel Improper Input Validation Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0623Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-2596 | Linux Kernel | Linux Kernel Integer Overflow Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0624Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-2094 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0625Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-2568 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0626Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-37969 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | KEV added: 2022-09-14 | KEV due: 2022-10-05 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0627Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-32917 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | KEV added: 2022-09-14 | KEV due: 2022-10-05 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0628Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-3075 | Google Chromium Mojo | Google Chromium Mojo Insufficient Data Validation Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0629Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26258 | D-Link DIR-820L | D-Link DIR-820L Remote Code Execution Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0630Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9934 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Input Validation Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-0635Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2011-1823 | Android Android OS | Android OS Privilege Escalation Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0643Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31010 | Apple iOS, macOS, watchOS | Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0646External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-0028 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability | KEV added: 2022-08-22 | KEV due: 2022-09-12 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0647Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-32894 | Apple iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0648Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-32893 | Apple iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0649Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-2856 | Google Chromium Intents | Google Chromium Intents Insufficient Input Validation Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0650OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26923 | Microsoft Active Directory | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: Product match: 'active directory' → THR-024

EXP-KEV-0651Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-21971 | Microsoft Windows | Microsoft Windows Runtime Remote Code Execution Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0652External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-15944 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Mapping: Product match: 'palo alto' → THR-005

EXP-KEV-0654Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-34713 | Microsoft Windows | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV added: 2022-08-09 | KEV due: 2022-08-30 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0656Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26138 | Atlassian Confluence | Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability | KEV added: 2022-07-29 | KEV due: 2022-08-19 | Mapping: Product match: 'confluence' → THR-006

EXP-KEV-0657Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22047 | Microsoft Windows | Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | KEV added: 2022-07-12 | KEV due: 2022-08-02 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0658OS Credential Dumping (T1003)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26925 | Microsoft Windows | Microsoft Windows LSA Spoofing Vulnerability | KEV added: 2022-07-01 | KEV due: 2022-07-22 | Mapping: Product match: 'ntlm' → THR-024

EXP-KEV-0660Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30533 | Google Chromium PopupBlocker | Google Chromium PopupBlocker Security Bypass Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0662Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30983 | Apple iOS and iPadOS | Apple iOS and iPadOS Buffer Overflow Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0663Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-3837 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0664Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9907 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0665Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-8605 | Apple Multiple Products | Apple Multiple Products Use-After-Free Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0666Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-4344 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0673Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-5825 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0675Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-6065 | Google Chromium V8 | Google Chromium V8 Integer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0676Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-17480 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0677Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-17463 | Google Chromium V8 | Google Chromium V8 Remote Code Execution Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0679Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-5070 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0680Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-5030 | Google Chromium V8 | Google Chromium V8 Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0681Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-5198 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Memory Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0682Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-1646 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Read Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0683Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-1331 | Microsoft Office | Microsoft Office Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0685Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2012-1889 | Microsoft XML Core Services | Microsoft XML Core Services Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0688Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2012-0151 | Microsoft Windows | Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0689Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2011-2462 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0691Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-2883 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0692Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-2572 | Microsoft PowerPoint | Microsoft PowerPoint Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0694Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-3953 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0695Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-1862 | Adobe Acrobat and Reader, Flash Player | Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0696Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-0563 | Microsoft Office | Microsoft Office Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0697Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-0557 | Microsoft Office | Microsoft Office Object Record Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0698Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2007-5659 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0700Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-3393 | Microsoft Windows | Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0701Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7256 | Microsoft Windows | Microsoft Windows Open Type Font Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0706Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-0016 | Microsoft Windows | Microsoft Windows TS WebProxy Directory Traversal Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0707Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2360 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0709Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1769 | Microsoft Windows | Microsoft Windows Mount Manager Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0712Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-6175 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0713User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1671 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0714Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-4148 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0716Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-0546 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Sandbox Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0718Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-3153 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0722Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8611 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0727Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0005 | Microsoft Windows | Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0729Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-8543 | Microsoft Windows | Microsoft Windows Search Remote Code Execution Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0732Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-4655 | Apple iOS | Apple iOS Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0733Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-4656 | Apple iOS | Apple iOS Memory Corruption Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0734Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-4657 | Apple iOS | Apple iOS Webkit Memory Corruption Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0738Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1048 | Android Kernel | Android Kernel Use-After-Free Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0739Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-0920 | Android Kernel | Android Kernel Race Condition Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0740Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30883 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0741Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1027 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0742Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-7286 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0743Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-7287 | Apple iOS | Apple iOS Memory Corruption Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0744Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-5786 | Google Chrome Blink | Google Chrome Blink Use-After-Free Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0745Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0703 | Microsoft Windows | Microsoft Windows SMB Information Disclosure Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0746Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0880 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0747Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-13720 | Google Chrome WebAudio | Google Chrome WebAudio Use-After-Free Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0755Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8589 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0761Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-26904 | Microsoft Windows | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0762Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-21919 | Microsoft Windows | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0763Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-0847 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0766Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22718 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV added: 2022-04-19 | KEV due: 2022-05-10 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0767Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-1364 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0790Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-22600 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0792Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31166 | Microsoft HTTP Protocol Stack | Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability | KEV added: 2022-04-06 | KEV due: 2022-04-27 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0795Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22675 | Apple macOS | Apple macOS Out-of-Bounds Write Vulnerability | KEV added: 2022-04-04 | KEV due: 2022-04-25 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0796Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22674 | Apple macOS | Apple macOS Out-of-Bounds Read Vulnerability | KEV added: 2022-04-04 | KEV due: 2022-04-25 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0797Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-45382 | D-Link Multiple Routers | D-Link Multiple Routers Remote Code Execution Vulnerability | KEV added: 2022-04-04 | KEV due: 2022-04-25 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0798Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-34484 | Microsoft Windows | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0801Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-1096 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0804Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-34486 | Microsoft Windows | Microsoft Windows Event Tracing Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0810Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0037 | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Type Confusion Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'edge' → THR-004

EXP-KEV-0811Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7201 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0812Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7200 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0815Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0040 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0816Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2426 | Microsoft Windows | Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0818User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1770 | Microsoft Office | Microsoft Office Uninitialized Memory Use Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0819Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-3660 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0823Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2011-2005 | Microsoft Ancillary Function Driver (afd.sys) | Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0824Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-4398 | Microsoft Windows | Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-21 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0827Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9377 | D-Link DIR-610 Devices | D-Link DIR-610 Devices Remote Command Execution | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0836Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-16920 | D-Link Multiple Routers | D-Link Multiple Routers Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0843Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0903 | Microsoft Graphics Device Interface (GDI) | Microsoft GDI Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0844Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-8414 | Microsoft Windows | Microsoft Windows Shell Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0855Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-12617 | Apache Tomcat | Apache Tomcat Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0861Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-11021 | D-Link DCS-930L Devices | D-Link DCS-930L Devices OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0866Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1187 | D-Link and TRENDnet Multiple Devices | D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0868Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-6332 | Microsoft Windows | Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0869Steal Kerberos Tickets (T1558)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-027 — Steal Kerberos Tickets
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-6324 | Microsoft Kerberos Key Distribution Center (KDC) | Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'kerberos' → THR-027

EXP-KEV-0872Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-5223 | D-Link DSL-2760U | D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0881Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-0927 | Adobe Reader and Acrobat | Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0886Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1132 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0899Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-11581 | Atlassian Jira Server and Data Center | Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: Product match: 'jira' → THR-006

EXP-KEV-0903Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1938 | Apache Tomcat | Apache Tomcat Improper Privilege Management Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0922Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-8540 | Microsoft Malware Protection Engine | Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0941Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-11826 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0943Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0261 | Microsoft Office | Microsoft Office Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0944Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0001 | Microsoft Graphics Device Interface (GDI) | Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0947Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7262 | Microsoft Excel | Microsoft Office Security Feature Bypass Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0948Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7193 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0949Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-5195 | Linux Kernel | Linux Kernel Race Condition Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0956Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2545 | Microsoft Office | Microsoft Office Malformed EPS File Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0957Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2424 | Microsoft PowerPoint | Microsoft PowerPoint Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0958Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2387 | Microsoft ATM Font Driver | Microsoft ATM Font Driver Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0960Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1642 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0961Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-4114 | Microsoft Windows | Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0962Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-5065 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0963Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-3346 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0966Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-0640 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0967Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2012-1856 | Microsoft Office | Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0971Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-3333 | Microsoft Office | Microsoft Office Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0972Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2010-0232 | Microsoft Windows | Microsoft Windows Kernel Exception Handler Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0974Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-3129 | Microsoft Excel | Microsoft Excel Featheader Record Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0975Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-1123 | Microsoft Windows | Microsoft Windows Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0977Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2004-0210 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0978Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2002-0367 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0980User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-8570 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-08-25 | Mapping: Product match: 'office' → THR-012

EXP-KEV-0982Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-6352 | Microsoft Windows | Microsoft Windows Code Injection Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-08-25 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0985Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-0609 | Google Chromium Animation | Google Chromium Animation Use-After-Free Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-03-01 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0989Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-1761 | Microsoft Word | Microsoft Word Memory Corruption Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0990Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-3906 | Microsoft Graphics Component | Microsoft Graphics Component Memory Corruption Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0991Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22620 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability | KEV added: 2022-02-11 | KEV due: 2022-02-25 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0992Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-36934 | Microsoft Windows | Microsoft Windows SAM Local Privilege Escalation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-02-24 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0996Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-8464 | Microsoft Windows | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0997Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0263 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0998User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0262 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1002Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-2051 | D-Link DIR-645 Router | D-Link DIR-645 Router Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-1003Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1635 | Microsoft HTTP.sys | Microsoft HTTP.sys Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1004Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-4404 | Apple OS X | Apple OS X Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1005Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-21882 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-02-04 | KEV due: 2022-02-18 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1006Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-22587 | Apple iOS and macOS | Apple Memory Corruption Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-02-11 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1029Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-6572 | Google Chrome Media | Google Chrome Media Use-After-Free Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1031Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-3900 | Microsoft WinVerifyTrust function | Microsoft WinVerifyTrust function Remote Code Execution | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1040Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-4102 | Google Chromium V8 | Google Chromium V8 Use-After-Free Vulnerability | KEV added: 2021-12-15 | KEV due: 2021-12-29 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1041Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-13272 | Linux Kernel | Linux Kernel Improper Privilege Management Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-1044External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-44168 | Fortinet FortiOS | Fortinet FortiOS Arbitrary File Download | KEV added: 2021-12-10 | KEV due: 2021-12-24 | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-1054Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-40438 | Apache Apache | Apache HTTP Server-Side Request Forgery (SSRF) | KEV added: 2021-12-01 | KEV due: 2021-12-15 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-1057User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-42292 | Microsoft Office | Microsoft Excel Security Feature Bypass | KEV added: 2021-11-17 | KEV due: 2021-12-01 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1062Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-28550 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1066Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-2215 | Android Android Kernel | Android Kernel Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1067Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0041 | Android Android Kernel | Android Kernel Out-of-Bounds Write Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1072Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0211 | Apache HTTP Server | Apache HTTP Server Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1078Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30858 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, macOS Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1079Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-6223 | Apple iOS and macOS | Apple iOS and macOS Group Facetime Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1080Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30860 | Apple Multiple Products | Apple Multiple Products Integer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1081Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-27930 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1082Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30807 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1083Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-27950 | Apple Multiple Products | Apple Multiple Products Memory Initialization Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1084Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-27932 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1085Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9818 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1086Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9819 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1087Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30762 | Apple iOS | Apple iOS WebKit Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1088Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1782 | Apple Multiple Products | Apple Multiple Products Race Condition Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1089Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1870 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-1090Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1871 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'safari' → THR-004

EXP-KEV-1091Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1879 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-1092Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30661 | Apple Multiple Products | Apple Multiple Products WebKit Storage Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1093Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30666 | Apple iOS | Apple iOS WebKit Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1094Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30713 | Apple macOS | Apple macOS Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-1095Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30657 | Apple macOS | Apple macOS Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-1096Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30665 | Apple Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1097Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30663 | Apple Multiple Products | Apple Multiple Products WebKit Integer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1098Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30761 | Apple iOS | Apple iOS WebKit Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1099Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30869 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1100Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-9859 | Apple Multiple Products | Apple Multiple Products Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'macos' → THR-018

EXP-KEV-1105Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-3398 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1125Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-29557 | D-Link DIR-825 R1 Devices | D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1126Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-25506 | D-Link DNS-320 Device | D-Link DNS-320 Device Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1137External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-5591 | Fortinet FortiOS | Fortinet FortiOS Default Configuration Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'fortios' → THR-005

EXP-KEV-1140Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-16010 | Google Chrome for Android UI | Google Chrome for Android UI Heap Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1142Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21166 | Google Chromium | Google Chromium Race Condition Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1143Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-16017 | Google Chrome | Google Chrome Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1144Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-37976 | Google Chromium | Google Chromium Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-1145Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-16009 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1146Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30632 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1147Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-16013 | Google Chromium V8 | Google Chromium V8 Incorrect Implementation Vulnerabililty | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1148Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30633 | Google Chromium Indexed DB API | Google Chromium Indexed DB API Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1149Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21148 | Google Chromium V8 | Google Chromium V8 Heap Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1150Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-37973 | Google Chromium Portals | Google Chromium Portals Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1151Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30551 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1152Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-37975 | Google Chromium V8 | Google Chromium V8 Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1153Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-6418 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1154Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30554 | Google Chromium WebGL | Google Chromium WebGL Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1155Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21206 | Google Chromium Blink | Google Chromium Blink Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1156Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-38000 | Google Chromium Intents | Google Chromium Intents Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1157Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-38003 | Google Chromium V8 | Google Chromium V8 Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1158Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21224 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1159Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21193 | Google Chromium Blink | Google Chromium Blink Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1160Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21220 | Google Chromium V8 | Google Chromium V8 Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1161Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-30563 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-1173Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31955 | Microsoft Windows | Microsoft Windows Kernel Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1174Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-33739 | Microsoft Windows | Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1175Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0185 | Microsoft Windows | Microsoft Windows Media Center Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1176Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0683 | Microsoft Windows | Microsoft Windows Installer Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1177Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-17087 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1178Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-33742 | Microsoft Windows | Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1179Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-33771 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1180Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31956 | Microsoft Windows | Microsoft Windows NTFS Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1181Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31979 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1182Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0938 | Microsoft Windows | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1184Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0986 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1185Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1020 | Microsoft Windows | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1187Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-7269 | Microsoft Internet Information Services (IIS) | Microsoft Windows Server Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1188Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-36948 | Microsoft Windows | Microsoft Windows Update Medic Service Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1193Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1464 | Microsoft Windows | Microsoft Windows Spoofing Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1198Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-28310 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1199Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1350 | Microsoft Windows | Microsoft Windows DNS Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1202Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-8759 | Microsoft .NET Framework | Microsoft .NET Framework Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1206Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-0798 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1207Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-0802 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1209User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1641 | Microsoft Office | Microsoft Office Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1210Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0541 | Microsoft MSHTML | Microsoft MSHTML Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-1213User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-27059 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1218Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-11774 | Microsoft Office | Microsoft Office Outlook Security Feature Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1223Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-1054 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1225Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-34448 | Microsoft Windows | Microsoft Windows Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1226Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0601 | Microsoft Windows | Microsoft Windows CryptoAPI Spoofing Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1230Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1214 | Microsoft Windows | Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1231User Execution (T1204)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-3235 | Microsoft Office | Microsoft Office OLE DLL Side Loading Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1232Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0863 | Microsoft Windows | Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1306Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-1537 | Microsoft DirectX | Microsoft DirectX NULL Byte Overwrite Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1308Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-41091 | Microsoft Defender | Microsoft Defender Link Following Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1309Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-45498 | Microsoft Defender | Microsoft Defender Denial of Service Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1311Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-33825 | Microsoft Defender | Microsoft Defender Insufficient Granularity of Access Control Vulnerability | KEV added: 2026-04-22 | KEV due: 2026-05-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1316Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2012-1854 | Microsoft Visual Basic for Applications (VBA) | Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1317Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2026-34621 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Prototype Pollution Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1337Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-37055 | D-Link Routers | D-Link Routers Buffer Overflow Vulnerability | KEV added: 2025-12-08 | KEV due: 2025-12-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1340Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-13223 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2025-11-19 | KEV due: 2025-12-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1352Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2025-10585 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2025-09-23 | KEV due: 2025-10-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1359Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-25078 | D-Link DCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | KEV added: 2025-08-05 | KEV due: 2025-08-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1360Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2022-40799 | D-Link DNR-322L | D-Link DNR-322L Download of Code Without Integrity Check Vulnerability | KEV added: 2025-08-05 | KEV due: 2025-08-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1390Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-29059 | Microsoft .NET Framework | Microsoft .NET Framework Information Disclosure Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1417Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-4947 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | KEV added: 2024-05-20 | KEV due: 2024-06-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1419Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-29988 | Microsoft SmartScreen Prompt | Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability | KEV added: 2024-04-30 | KEV due: 2024-05-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1421Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2024-3272 | D-Link Multiple NAS Devices | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability | KEV added: 2024-04-11 | KEV due: 2024-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1423Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-29360 | Microsoft Streaming Service | Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability | KEV added: 2024-02-29 | KEV due: 2024-03-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1438Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2023-36761 | Microsoft Word | Microsoft Word Information Disclosure Vulnerability | KEV added: 2023-09-12 | KEV due: 2023-10-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1446Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-0165 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1467Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2011-4723 | D-Link DIR-300 Router | D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1473Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2018-4990 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Double Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1475Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2009-4324 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1476Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2008-0655 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Unspecified Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1477Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2006-2492 | Microsoft Word | Microsoft Word Malformed Object Pointer Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1490Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2017-0022 | Microsoft XML Core Services | Microsoft XML Core Services Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1498Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1789 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1499Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-8506 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1500Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-4113 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1501Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-41357 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1502Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-40450 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1515Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-2729 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1518Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2012-2539 | Microsoft Word | Microsoft Word Remote Code Execution Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1540Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-1297 | Microsoft Excel | Microsoft Excel Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1544Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2014-0496 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1546Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2013-0641 | Adobe Reader | Adobe Reader Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1557Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2015-1130 | Apple OS X | Apple OS X Authentication Bypass Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1570Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-21017 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1582Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-1647 | Microsoft Defender | Microsoft Defender Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1583Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1584Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1587Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2016-7255 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1588Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0803 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1589Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0859 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1590Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0797 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1593Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2020-0646 | Microsoft .NET Framework | Microsoft .NET Framework Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1594Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerIdentified
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

CVE: CVE-2019-0808 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-0004Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'check point' (in 'Check Point Security Gateway') | CVE: CVE-2026-50751 | Check Point Security Gateway | Check Point Security Gateway Improper Authentication Vulnerability | KEV added: 2026-06-08 | KEV due: 2026-06-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0019External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'webpros' (in 'WebPros cPanel & WHM and WP2 (WordPress Squared)') | CVE: CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | KEV added: 2026-04-30 | KEV due: 2026-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'rdp' → THR-005

EXP-KEV-0020Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2024-1708 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Path Traversal Vulnerability | KEV added: 2026-04-28 | KEV due: 2026-05-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0024Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57728 | SimpleHelp SimpleHelp | SimpleHelp Path Traversal Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0025Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57726 | SimpleHelp SimpleHelp | SimpleHelp Missing Authorization Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0027Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut NG/MF') | CVE: CVE-2023-27351 | PaperCut NG/MF | PaperCut NG/MF Improper Authentication Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0034Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2023-21529 | Microsoft Exchange Server | Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-27 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0048Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Management Center (FMC)') | CVE: CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-19 | KEV due: 2026-03-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0070Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)') | CVE: CVE-2026-1731 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | KEV added: 2026-02-13 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0087Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2025-52691 | SmarterTools SmarterMail | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0125Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2025-61884 | Oracle E-Business Suite | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0143Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fortra' (in 'Fortra GoAnywhere MFT') | CVE: CVE-2025-10035 | Fortra GoAnywhere MFT | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0165Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-49704 | Microsoft SharePoint | Microsoft SharePoint Code Injection Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-07-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0166Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-49706 | Microsoft SharePoint | Microsoft SharePoint Improper Authentication Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-07-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0167Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2025-53770 | Microsoft SharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV added: 2025-07-20 | KEV due: 2025-07-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0169Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and Gateway') | CVE: CVE-2025-5777 | Citrix NetScaler ADC and Gateway | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability | KEV added: 2025-07-10 | KEV due: 2025-07-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0215Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2025-31324 | SAP NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability | KEV added: 2025-04-29 | KEV due: 2025-05-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0225External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and ZTA Gateways') | CVE: CVE-2025-22457 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-04-04 | KEV due: 2025-04-11 | RANSOMWARE-LINKED | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0258Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2024-53704 | SonicWall SonicOS | SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | KEV added: 2025-02-18 | KEV due: 2025-03-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0259Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'simplehelp' (in 'SimpleHelp SimpleHelp') | CVE: CVE-2024-57727 | SimpleHelp SimpleHelp | SimpleHelp Path Traversal Vulnerability | KEV added: 2025-02-13 | KEV due: 2025-03-06 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0272Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA1000 Appliances') | CVE: CVE-2025-23006 | SonicWall SMA1000 Appliances | SonicWall SMA1000 Appliances Deserialization Vulnerability | KEV added: 2025-01-24 | KEV due: 2025-02-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0280External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and ZTA Gateways') | CVE: CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-01-08 | KEV due: 2025-01-15 | RANSOMWARE-LINKED | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0281Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab') | CVE: CVE-2024-55550 | Mitel MiCollab | Mitel MiCollab Path Traversal Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0282Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab') | CVE: CVE-2024-41713 | Mitel MiCollab | Mitel MiCollab Path Traversal Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0288PowerShell Abuse (T1059.001)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-011 — PowerShell Abuse
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cleo' (in 'Cleo Multiple Products') | CVE: CVE-2024-55956 | Cleo Multiple Products | Cleo Multiple Products Unauthenticated File Upload Vulnerability | KEV added: 2024-12-17 | KEV due: 2025-01-07 | RANSOMWARE-LINKED | Mapping: Product match: 'powershell' → THR-011

EXP-KEV-0290Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cleo' (in 'Cleo Multiple Products') | CVE: CVE-2024-50623 | Cleo Multiple Products | Cleo Multiple Products Unrestricted File Upload Vulnerability | KEV added: 2024-12-13 | KEV due: 2025-01-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0292Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2024-11667 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Path Traversal Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0294External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'array networks' (in 'Array Networks AG/vxAG ArrayOS') | CVE: CVE-2023-28461 | Array Networks AG/vxAG ArrayOS | Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability | KEV added: 2024-11-25 | KEV due: 2024-12-16 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0315Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2024-38094 | Microsoft SharePoint | Microsoft SharePoint Deserialization Vulnerability | KEV added: 2024-10-22 | KEV due: 2024-11-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0316Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2024-40711 | Veeam Backup & Replication | Veeam Backup and Replication Deserialization Vulnerability | KEV added: 2024-10-17 | KEV due: 2024-11-07 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0317Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2024-9680 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability | KEV added: 2024-10-15 | KEV due: 2024-11-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0338SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress WhatsUp Gold') | CVE: CVE-2024-6670 | Progress WhatsUp Gold | Progress WhatsUp Gold SQL Injection Vulnerability | KEV added: 2024-09-16 | KEV due: 2024-10-07 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0357Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins Command Line Interface (CLI)') | CVE: CVE-2024-23897 | Jenkins Jenkins Command Line Interface (CLI) | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | KEV added: 2024-08-19 | KEV due: 2024-09-09 | RANSOMWARE-LINKED | Mapping: Product match: 'jenkins' → THR-006

EXP-KEV-0368OS Credential Dumping (T1003)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-024 — OS Credential Dumping
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2024-37085 | VMware ESXi | VMware ESXi Authentication Bypass Vulnerability | KEV added: 2024-07-30 | KEV due: 2024-08-20 | RANSOMWARE-LINKED | Mapping: Product match: 'active directory' → THR-024

EXP-KEV-0379Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'PHP Group PHP') | CVE: CVE-2024-4577 | PHP Group PHP | PHP-CGI OS Command Injection Vulnerability | KEV added: 2024-06-12 | KEV due: 2024-07-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0383External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'check point' (in 'Check Point Quantum Security Gateways') | CVE: CVE-2024-24919 | Check Point Quantum Security Gateways | Check Point Quantum Security Gateways Information Disclosure Vulnerability | KEV added: 2024-05-30 | KEV due: 2024-06-20 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0386Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nextgen' (in 'NextGen Healthcare Mirth Connect') | CVE: CVE-2023-43208 | NextGen Healthcare Mirth Connect | NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability | KEV added: 2024-05-20 | KEV due: 2024-06-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0400Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2023-24955 | Microsoft SharePoint Server | Microsoft SharePoint Server Code Injection Vulnerability | KEV added: 2024-03-26 | KEV due: 2024-04-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0402Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)') | CVE: CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0403SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2023-48788 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0409External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3259 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Information Disclosure Vulnerability | KEV added: 2024-02-15 | KEV due: 2024-03-07 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0417Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure, Policy Secure, and Neurons') | CVE: CVE-2024-21893 | Ivanti Connect Secure, Policy Secure, and Neurons | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2024-01-31 | KEV due: 2024-02-02 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0421Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core') | CVE: CVE-2023-35082 | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | KEV added: 2024-01-18 | KEV due: 2024-02-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0426Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2023-29357 | Microsoft SharePoint Server | Microsoft SharePoint Server Privilege Escalation Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-31 | RANSOMWARE-LINKED | Mapping: Product match: 'sharepoint' → THR-006

EXP-KEV-0427Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure and Policy Secure') | CVE: CVE-2023-46805 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0428Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Connect Secure and Policy Secure') | CVE: CVE-2024-21887 | Ivanti Connect Secure and Policy Secure | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | KEV added: 2024-01-10 | KEV due: 2024-01-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0433Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-29300 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0434Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-38203 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0438Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-41266 | Qlik Sense | Qlik Sense Path Traversal Vulnerability | KEV added: 2023-12-07 | KEV due: 2023-12-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0451Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid Server') | CVE: CVE-2023-47246 | SysAid SysAid Server | SysAid Server Path Traversal Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-12-04 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0458Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2023-46604 | Apache ActiveMQ | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | KEV added: 2023-11-02 | KEV due: 2023-11-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0462Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-4966 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV added: 2023-10-18 | KEV due: 2023-11-08 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0469Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress WS_FTP Server') | CVE: CVE-2023-40044 | Progress WS_FTP Server | Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability | KEV added: 2023-10-05 | KEV due: 2023-10-26 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0480Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel EMG2926 Routers') | CVE: CVE-2017-6884 | Zyxel EMG2926 Routers | Zyxel EMG2926 Routers Command Injection Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0483External Remote Services (T1133)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance and Firepower Threat Defense') | CVE: CVE-2023-20269 | Cisco Adaptive Security Appliance and Firepower Threat Defense | Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability | KEV added: 2023-09-13 | KEV due: 2023-10-04 | RANSOMWARE-LINKED | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0490Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Sentry') | CVE: CVE-2023-38035 | Ivanti Sentry | Ivanti Sentry Authentication Bypass Vulnerability | KEV added: 2023-08-22 | KEV due: 2023-09-12 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0491Ransomware (Data Encrypted) (T1486)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-040 — Ransomware (Data Encrypted)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2023-27532 | Veeam Backup & Replication | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability | KEV added: 2023-08-22 | KEV due: 2023-09-12 | RANSOMWARE-LINKED | Mapping: Product match: 'veeam' → THR-040

EXP-KEV-0497Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2023-35078 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | KEV added: 2023-07-25 | KEV due: 2023-08-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0498Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV added: 2023-07-19 | KEV due: 2023-08-09 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0506Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netwrix' (in 'Netwrix Auditor') | CVE: CVE-2022-31199 | Netwrix Auditor | Netwrix Auditor Insecure Object Deserialization Vulnerability | KEV added: 2023-07-11 | KEV due: 2023-08-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0528SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress MOVEit Transfer') | CVE: CVE-2023-34362 | Progress MOVEit Transfer | Progress MOVEit Transfer SQL Injection Vulnerability | KEV added: 2023-06-02 | KEV due: 2023-06-23 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0545Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache log4j' (in 'Apache Log4j2') | CVE: CVE-2021-45046 | Apache Log4j2 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | RANSOMWARE-LINKED | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0555Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27876 | Veritas Backup Exec Agent | Veritas Backup Exec Agent File Access Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0556Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27877 | Veritas Backup Exec Agent | Veritas Backup Exec Agent Improper Authentication Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0557Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veritas' (in 'Veritas Backup Exec Agent') | CVE: CVE-2021-27878 | Veritas Backup Exec Agent | Veritas Backup Exec Agent Command Execution Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0561Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samba' (in 'Samba Samba') | CVE: CVE-2017-7494 | Samba Samba | Samba Remote Code Execution Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0576Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM Aspera Faspex') | CVE: CVE-2022-47986 | IBM Aspera Faspex | IBM Aspera Faspex Code Execution Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0577Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-41223 | Mitel MiVoice Connect | Mitel MiVoice Connect Code Injection Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0578Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-40765 | Mitel MiVoice Connect | Mitel MiVoice Connect Command Injection Vulnerability | KEV added: 2023-02-21 | KEV due: 2023-03-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0583Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'intel' (in 'Intel Ethernet Diagnostics Driver for Windows') | CVE: CVE-2015-2291 | Intel Ethernet Diagnostics Driver for Windows | Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0584Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fortra' (in 'Fortra GoAnywhere MFT') | CVE: CVE-2023-0669 | Fortra GoAnywhere MFT | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0586Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'telerik' (in 'Telerik User Interface (UI) for ASP.NET AJAX') | CVE: CVE-2017-11357 | Telerik User Interface (UI) for ASP.NET AJAX | Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability | KEV added: 2023-01-26 | KEV due: 2023-02-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0587Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-47966 | Zoho ManageEngine | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | KEV added: 2023-01-23 | KEV due: 2023-02-13 | RANSOMWARE-LINKED | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0589Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41080 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2023-01-10 | KEV due: 2023-01-31 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-0596Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2022-26500 | Veeam Backup & Replication | Veeam Backup & Replication Remote Code Execution Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0597Ransomware (Data Encrypted) (T1486)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-040 — Ransomware (Data Encrypted)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'veeam' (in 'Veeam Backup & Replication') | CVE: CVE-2022-26501 | Veeam Backup & Replication | Veeam Backup & Replication Remote Code Execution Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | RANSOMWARE-LINKED | Mapping: Product match: 'veeam' → THR-040

EXP-KEV-0610Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco AnyConnect Secure') | CVE: CVE-2020-3433 | Cisco AnyConnect Secure | Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0611Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco AnyConnect Secure') | CVE: CVE-2020-3153 | Cisco AnyConnect Secure | Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0616Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41082 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2022-09-30 | KEV due: 2022-10-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0617Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2022-41040 | Microsoft Exchange Server | Microsoft Exchange Server Server-Side Request Forgery Vulnerability | KEV added: 2022-09-30 | KEV due: 2022-10-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0636Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dotcms' (in 'dotCMS dotCMS') | CVE: CVE-2022-26352 | dotCMS dotCMS | dotCMS Unrestricted Upload of File Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0640Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'webrtc' (in 'WebRTC WebRTC') | CVE: CVE-2022-2294 | WebRTC WebRTC | WebRTC Heap Buffer Overflow Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | RANSOMWARE-LINKED | Mapping: Product match: 'chrome' → THR-004

EXP-KEV-0653Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27925 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | KEV added: 2022-08-11 | KEV due: 2022-09-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0655Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB UnRAR') | CVE: CVE-2022-30333 | RARLAB UnRAR | RARLAB UnRAR Directory Traversal Vulnerability | KEV added: 2022-08-09 | KEV due: 2022-08-30 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0659Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiVoice Connect') | CVE: CVE-2022-29499 | Mitel MiVoice Connect | Mitel MiVoice Connect Data Validation Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0669Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7195 | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0670Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7194 | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0671Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP QTS') | CVE: CVE-2019-7193 | QNAP QTS | QNAP QTS Improper Input Validation Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0672Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2019-7192 | QNAP Photo Station | QNAP Photo Station Improper Access Control Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0704Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2016-0034 | Microsoft Silverlight | Microsoft Silverlight Runtime Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0720Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss') | CVE: CVE-2010-1428 | Red Hat JBoss | Red Hat JBoss Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: Product match: 'jboss' → THR-006

EXP-KEV-0721Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss') | CVE: CVE-2010-0738 | Red Hat JBoss | Red Hat JBoss Authentication Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Mapping: Product match: 'jboss' → THR-006

EXP-KEV-0723Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19953 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Cross-Site Scripting Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0724Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19949 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Command Injection Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0725Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2018-19943 | QNAP Network Attached Storage (NAS) | QNAP NAS File Station Cross-Site Scripting Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0730SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2017-18362 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya VSA SQL Injection Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0731Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer and Edge') | CVE: CVE-2016-3351 | Microsoft Internet Explorer and Edge | Microsoft Internet Explorer and Edge Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | RANSOMWARE-LINKED | Mapping: Product match: 'edge' → THR-004

EXP-KEV-0760Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wso2' (in 'WSO2 Multiple Products') | CVE: CVE-2022-29464 | WSO2 Multiple Products | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0765Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2018-6882 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2022-04-19 | KEV due: 2022-05-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0775Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Workspace ONE Access and Identity Manager') | CVE: CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | KEV added: 2022-04-14 | KEV due: 2022-05-05 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0777Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Core') | CVE: CVE-2018-7602 | Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | RANSOMWARE-LINKED | Mapping: Product match: 'drupal' → THR-006

EXP-KEV-0778PowerShell Abuse (T1059.001)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-011 — PowerShell Abuse
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2018-20753 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya VSA Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | RANSOMWARE-LINKED | Mapping: Product match: 'powershell' → THR-011

EXP-KEV-0799Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dasan' (in 'Dasan Gigabit Passive Optical Network (GPON) Routers') | CVE: CVE-2018-10562 | Dasan Gigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers Command Injection Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0806SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall Secure Remote Access (SRA)') | CVE: CVE-2021-20028 | SonicWall Secure Remote Access (SRA) | SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0820Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-2551 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0826Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore XP') | CVE: CVE-2021-42237 | Sitecore XP | Sitecore XP Remote Command Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0837Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'webmin' (in 'Webmin Webmin') | CVE: CVE-2019-15107 | Webmin Webmin | Webmin Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0840Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'PHP FastCGI Process Manager (FPM)') | CVE: CVE-2019-11043 | PHP FastCGI Process Manager (FPM) | PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: Product match: 'php' → THR-006

EXP-KEV-0848Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Data Commons') | CVE: CVE-2018-1273 | VMware Tanzu Spring Data Commons | VMware Tanzu Spring Data Commons Property Binder Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0849Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'quest' (in 'Quest KACE System Management Appliance') | CVE: CVE-2018-11138 | Quest KACE System Management Appliance | Quest KACE System Management Appliance Remote Command Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0878Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2010-2861 | Adobe ColdFusion | Adobe ColdFusion Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0907Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2018-8581 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-0951Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-1019 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0953Drive-By Compromise (T1189)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-7645 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0979Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaborate Suite (ZCS)') | CVE: CVE-2022-24682 | Synacor Zimbra Collaborate Suite (ZCS) | Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-03-11 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0987Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-15982 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1021Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vRealize Operations Manager API') | CVE: CVE-2021-21975 | VMware vRealize Operations Manager API | VMware Server Side Request Forgery in vRealize Operations Manager API | KEV added: 2022-01-18 | KEV due: 2022-02-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-1046Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss Application Server') | CVE: CVE-2017-12149 | Red Hat JBoss Application Server | Red Hat JBoss Application Server Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1051Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache log4j' (in 'Apache Log4j2') | CVE: CVE-2021-44228 | Apache Log4j2 | Apache Log4j2 Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1056Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange') | CVE: CVE-2021-42321 | Microsoft Exchange | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-17 | KEV due: 2021-12-01 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1058Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27104 | Accellion FTA | Accellion FTA OS Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1059Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27102 | Accellion FTA | Accellion FTA OS Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1060SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27101 | Accellion FTA | Accellion FTA SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1061Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'accellion' (in 'Accellion FTA') | CVE: CVE-2021-27103 | Accellion FTA | Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-1065Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-4878 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1076Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2017-5638 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1108SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'bqe' (in 'BQE BillQuick Web Suite') | CVE: CVE-2021-42258 | BQE BillQuick Web Suite | BQE BillQuick Web Suite SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1110Cross-Site Scripting (XSS) (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3580 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-1123Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2019-19781 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1124Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Workspace Application and Receiver for Windows') | CVE: CVE-2019-11634 | Citrix Workspace Application and Receiver for Windows | Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'windows' → THR-018

EXP-KEV-1127Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2017-9822 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1130Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Drupal Core') | CVE: CVE-2018-7600 | Drupal Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1131Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab Community and Enterprise Editions') | CVE: CVE-2021-22205 | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1132Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim') | CVE: CVE-2018-6789 | Exim Exim | Exim Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1134Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2020-5902 | F5 BIG-IP | F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1135Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP and BIG-IQ Centralized Management') | CVE: CVE-2021-22986 | F5 BIG-IP and BIG-IQ Centralized Management | F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-1136Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'forgerock' (in 'ForgeRock Access Management (AM)') | CVE: CVE-2021-35464 | ForgeRock Access Management (AM) | ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1186Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-34523 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1189Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2020-0688 | Microsoft Exchange Server | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1192Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-34473 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-1196Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-31207 | Microsoft Exchange Server | Microsoft Exchange Server Security Feature Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1200Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2021-26411 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1214Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-1367 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1220Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26855 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-1221Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26858 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-1222Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-27065 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-1227Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2019-0604 | Microsoft SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1228Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-26857 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1243Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress Telerik UI for ASP.NET AJAX') | CVE: CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX | Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1244Valid Accounts (Credential Reuse) (T1078)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22893 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1250Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2019-11510 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1251Command and Scripting Interpreter (T1059)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure and Pulse Policy Secure') | CVE: CVE-2019-11539 | Ivanti Pulse Connect Secure and Pulse Policy Secure | Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1257Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP Customer Relationship Management (CRM)') | CVE: CVE-2018-2380 | SAP Customer Relationship Management (CRM) | SAP Customer Relationship Management (CRM) Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1259Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2021-35211 | SolarWinds Serv-U | SolarWinds Serv-U Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1260SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100') | CVE: CVE-2019-7481 | SonicWall SMA100 | SonicWall SMA100 SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1261Web Shell (T1505.003)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20022 | SonicWall SonicWall Email Security | SonicWall Email Security Unrestricted Upload of File Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1262Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20023 | SonicWall SonicWall Email Security | SonicWall Email Security Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1263SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SSLVPN SMA100') | CVE: CVE-2021-20016 | SonicWall SSLVPN SMA100 | SonicWall SSLVPN SMA100 SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1264SQL Injection (T1190 (Web))CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos SFOS') | CVE: CVE-2020-12271 | Sophos SFOS | Sophos SFOS SQL Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1284Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware VMware ESXi and Horizon DaaS') | CVE: CVE-2019-5544 | VMware VMware ESXi and Horizon DaaS | VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1285Exploitation for Privilege Escalation (T1068)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2020-3992 | VMware ESXi | VMware ESXi OpenSLP Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1287Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-21985 | VMware vCenter Server | VMware vCenter Server Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1295Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle PeopleSoft Enterprise PeopleTools') | CVE: CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability | KEV added: 2026-06-12 | KEV due: 2026-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1300Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nx console' (in 'Nx Nx Console') | CVE: CVE-2026-48027 | Nx Nx Console | Nx Console Embedded Malicious Code Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-06-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1301Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tanstack' (in 'TanStack TanStack') | CVE: CVE-2026-45321 | TanStack TanStack | TanStack Unspecified Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-06-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1315Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2024-27199 | JetBrains TeamCity | JetBrains TeamCity Relative Path Traversal Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1329Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2026-24423 | SmarterTools SmarterMail | SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | KEV added: 2026-02-05 | KEV due: 2026-02-26 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1330Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'smartertools' (in 'SmarterTools SmarterMail') | CVE: CVE-2026-23760 | SmarterTools SmarterMail | SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1338Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'meta' (in 'Meta React Server Components') | CVE: CVE-2025-55182 | Meta React Server Components | Meta React Server Components Remote Code Execution Vulnerability | KEV added: 2025-12-05 | KEV due: 2025-12-12 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1350Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2025-61882 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1375Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2025-31161 | CrushFTP CrushFTP | CrushFTP Authentication Bypass Vulnerability | KEV added: 2025-04-07 | KEV due: 2025-04-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1381Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi') | CVE: CVE-2025-22225 | VMware ESXi | VMware ESXi Arbitrary Write Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1391Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-48365 | Qlik Sense | Qlik Sense HTTP Tunneling Vulnerability | KEV added: 2025-01-13 | KEV due: 2025-02-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1396Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cyberpersons' (in 'CyberPersons CyberPanel') | CVE: CVE-2024-51378 | CyberPersons CyberPanel | CyberPanel Incorrect Default Permissions Vulnerability | KEV added: 2024-12-04 | KEV due: 2024-12-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1401Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cyberpersons' (in 'CyberPersons CyberPanel') | CVE: CVE-2024-51567 | CyberPersons CyberPanel | CyberPanel Incorrect Default Permissions Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1406Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2024-40766 | SonicWall SonicOS | SonicWall SonicOS Improper Access Control Vulnerability | KEV added: 2024-09-09 | KEV due: 2024-09-30 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1422Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2024-27198 | JetBrains TeamCity | JetBrains TeamCity Authentication Bypass Vulnerability | KEV added: 2024-03-07 | KEV due: 2024-03-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1424Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2024-1709 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Authentication Bypass Vulnerability | KEV added: 2024-02-22 | KEV due: 2024-02-29 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1427Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qlik' (in 'Qlik Sense') | CVE: CVE-2023-41265 | Qlik Sense | Qlik Sense HTTP Tunneling Vulnerability | KEV added: 2023-12-07 | KEV due: 2023-12-28 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1432Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Configuration Utility') | CVE: CVE-2023-46747 | F5 BIG-IP Configuration Utility | F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability | KEV added: 2023-10-31 | KEV due: 2023-11-21 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1434Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jetbrains' (in 'JetBrains TeamCity') | CVE: CVE-2023-42793 | JetBrains TeamCity | JetBrains TeamCity Authentication Bypass Vulnerability | KEV added: 2023-10-04 | KEV due: 2023-10-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1437Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'laravel' (in 'Laravel Ignition') | CVE: CVE-2021-3129 | Laravel Ignition | Laravel Ignition File Upload Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1439Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2023-38831 | RARLAB WinRAR | RARLAB WinRAR Code Execution Vulnerability | KEV added: 2023-08-24 | KEV due: 2023-09-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1450Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut MF/NG') | CVE: CVE-2023-27350 | PaperCut MF/NG | PaperCut MF/NG Improper Access Control Vulnerability | KEV added: 2023-04-21 | KEV due: 2023-05-12 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1454Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zk framework' (in 'ZK Framework AuUploader') | CVE: CVE-2022-36537 | ZK Framework AuUploader | ZK Framework AuUploader Unspecified Vulnerability | KEV added: 2023-02-27 | KEV due: 2023-03-20 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1456Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'terramaster' (in 'TerraMaster TerraMaster OS') | CVE: CVE-2022-24990 | TerraMaster TerraMaster OS | TerraMaster OS Remote Command Execution Vulnerability | KEV added: 2023-02-10 | KEV due: 2023-03-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1457Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle E-Business Suite') | CVE: CVE-2022-21587 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | KEV added: 2023-02-02 | KEV due: 2023-02-23 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1460Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19323 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1461Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19322 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Code Execution Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1462Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19321 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1463Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gigabyte' (in 'GIGABYTE Multiple Products') | CVE: CVE-2018-19320 | GIGABYTE Multiple Products | GIGABYTE Multiple Products Unspecified Vulnerability | KEV added: 2022-10-24 | KEV due: 2022-11-14 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1465Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Photo Station') | CVE: CVE-2022-27593 | QNAP Photo Station | QNAP Photo Station Externally Controlled Reference Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1469Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-37042 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability | KEV added: 2022-08-11 | KEV due: 2022-09-01 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1470Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27924 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability | KEV added: 2022-08-04 | KEV due: 2022-08-25 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1483Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM InfoSphere BigInsights') | CVE: CVE-2013-3993 | IBM InfoSphere BigInsights | IBM InfoSphere BigInsights Invalid Input Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1485Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-0431 | Oracle Java Runtime Environment (JRE) | Oracle JRE Sandbox Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1486Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-0422 | Oracle Java Runtime Environment (JRE) | Oracle JRE Remote Code Execution Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1487Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2013-0074 | Microsoft Silverlight | Microsoft Silverlight Double Dereference Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1488Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-1710 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1497Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2022-1388 | F5 BIG-IP | F5 BIG-IP Missing Authentication Vulnerability | KEV added: 2022-05-10 | KEV due: 2022-05-31 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1510Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Network Attached Storage (NAS)') | CVE: CVE-2021-28799 | QNAP Network Attached Storage (NAS) | QNAP NAS Improper Authorization Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1516Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2013-2465 | Oracle Java SE | Oracle Java SE Unspecified Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1522Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix ShareFile') | CVE: CVE-2021-22941 | Citrix ShareFile | Citrix ShareFile Improper Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1534Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe blazeds' (in 'Adobe BlazeDS') | CVE: CVE-2009-3960 | Adobe BlazeDS | Adobe BlazeDS Information Disclosure Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1548Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-4681 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1549Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-1723 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1550Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-0507 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1554Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-0752 | Microsoft Internet Explorer | Microsoft Internet Explorer Type Confusion Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1555Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2018-20250 | RARLAB WinRAR | WinRAR Absolute Path Traversal Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1556Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2017-10271 | Oracle WebLogic Server | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1558Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA 100 Appliances') | CVE: CVE-2021-20038 | SonicWall SMA 100 Appliances | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-02-11 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1562Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2019-2725 | Oracle WebLogic Server | Oracle WebLogic Server, Injection | KEV added: 2022-01-10 | KEV due: 2022-07-10 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1573Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix StoreFront Server') | CVE: CVE-2019-13608 | Citrix StoreFront Server | Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1578Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kaseya' (in 'Kaseya Virtual System/Server Administrator (VSA)') | CVE: CVE-2021-30116 | Kaseya Virtual System/Server Administrator (VSA) | Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1580Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38647 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1612Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicWall Email Security') | CVE: CVE-2021-20021 | SonicWall SonicWall Email Security | SonicWall Email Security Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1615Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-22005 | VMware vCenter Server | VMware vCenter Server File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1617Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-21972 | VMware vCenter Server | VMware vCenter Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1618Exploit Public-Facing Application (T1190)CriticalSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2021-40539 | Zoho ManageEngine | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | RANSOMWARE-LINKED | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-0001Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Sentry') | CVE: CVE-2026-10520 | Ivanti Sentry | Ivanti Sentry OS Command Injection Vulnerability | KEV added: 2026-06-11 | KEV due: 2026-06-14 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0003Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'berriai' (in 'BerriAI LiteLLM') | CVE: CVE-2026-42271 | BerriAI LiteLLM | BerriAI LiteLLM Command Injection Vulnerability | KEV added: 2026-06-08 | KEV due: 2026-06-22 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0005Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mirasvit' (in 'Mirasvit Mirasvit Full Page Cache Warmer') | CVE: CVE-2026-45247 | Mirasvit Mirasvit Full Page Cache Warmer | Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability | KEV added: 2026-06-03 | KEV due: 2026-06-06 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0009SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Core') | CVE: CVE-2026-9082 | Drupal Core | Drupal Core SQL Injection Vulnerability | KEV added: 2026-05-22 | KEV due: 2026-05-27 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0012Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-0249 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0014Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN') | CVE: CVE-2026-20182 | Cisco Catalyst SD-WAN | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | KEV added: 2026-05-14 | KEV due: 2026-05-17 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0015SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'berriai' (in 'BerriAI LiteLLM') | CVE: CVE-2026-42208 | BerriAI LiteLLM | BerriAI LiteLLM SQL Injection Vulnerability | KEV added: 2026-05-08 | KEV due: 2026-05-11 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0016Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability | KEV added: 2026-05-07 | KEV due: 2026-05-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0023Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung MagicINFO 9 Server') | CVE: CVE-2024-7399 | Samsung MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | KEV added: 2026-04-24 | KEV due: 2026-05-08 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0026Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Kentico Xperience') | CVE: CVE-2025-2749 | Kentico Kentico Xperience | Kentico Xperience Path Traversal Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0028Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0029Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'quest' (in 'Quest KACE Systems Management Appliance (SMA)') | CVE: CVE-2025-32975 | Quest KACE Systems Management Appliance (SMA) | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-05-04 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0030Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2026-34197 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | KEV added: 2026-04-16 | KEV due: 2026-04-30 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0032Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint Server') | CVE: CVE-2026-32201 | Microsoft SharePoint Server | Microsoft SharePoint Server Improper Input Validation Vulnerability | KEV added: 2026-04-14 | KEV due: 2026-04-28 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0037SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2026-21643 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV added: 2026-04-13 | KEV due: 2026-04-16 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0038Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2026-04-08 | KEV due: 2026-04-11 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0039External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'forticlient' (in 'Fortinet FortiClient EMS') | CVE: CVE-2026-35616 | Fortinet FortiClient EMS | Fortinet FortiClient EMS Improper Access Control Vulnerability | KEV added: 2026-04-06 | KEV due: 2026-04-09 | Mapping: Product match: 'fortinet' → THR-005

EXP-KEV-0041Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler') | CVE: CVE-2026-3055 | Citrix NetScaler | Citrix NetScaler Out-of-Bounds Read Vulnerability | KEV added: 2026-03-30 | KEV due: 2026-04-02 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0042Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'langflow' (in 'Langflow Langflow') | CVE: CVE-2026-33017 | Langflow Langflow | Langflow Code Injection Vulnerability | KEV added: 2026-03-25 | KEV due: 2026-04-08 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0043Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'craft cms' (in 'Craft CMS Craft CMS') | CVE: CVE-2025-32432 | Craft CMS Craft CMS | Craft CMS Code Injection Vulnerability | KEV added: 2026-03-20 | KEV due: 2026-04-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0044Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'laravel' (in 'Laravel Livewire') | CVE: CVE-2025-54068 | Laravel Livewire | Laravel Livewire Code Injection Vulnerability | KEV added: 2026-03-20 | KEV due: 2026-04-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0049Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-66376 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV added: 2026-03-18 | KEV due: 2026-04-01 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0050Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft sharepoint' (in 'Microsoft SharePoint') | CVE: CVE-2026-20963 | Microsoft SharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-18 | KEV due: 2026-03-21 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0053Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'omnissa' (in 'Omnissa Workspace One UEM') | CVE: CVE-2021-22054 | Omnissa Workspace One UEM | Omnissa Workspace ONE Server-Side Request Forgery | KEV added: 2026-03-09 | KEV due: 2026-03-23 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0054Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-26399 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2026-03-09 | KEV due: 2026-03-12 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0055External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2026-1603 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | KEV added: 2026-03-09 | KEV due: 2026-03-23 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0056Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hikvision' (in 'Hikvision Multiple Products') | CVE: CVE-2017-7921 | Hikvision Multiple Products | Hikvision Multiple Products Improper Authentication Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0060Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware Aria Operations') | CVE: CVE-2026-22719 | Broadcom VMware Aria Operations | Broadcom VMware Aria Operations Command Injection Vulnerability | KEV added: 2026-03-03 | KEV due: 2026-03-24 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0061Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Controller and Manager') | CVE: CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability | KEV added: 2026-02-25 | KEV due: 2026-02-27 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0062Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'soliton' (in 'Soliton Systems K.K FileZen') | CVE: CVE-2026-25108 | Soliton Systems K.K FileZen | Soliton Systems K.K FileZen OS Command Injection Vulnerability | KEV added: 2026-02-24 | KEV due: 2026-03-17 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0063Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2025-49113 | Roundcube Webmail | RoundCube Webmail Deserialization of Untrusted Data Vulnerability | KEV added: 2026-02-20 | KEV due: 2026-03-13 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0064Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2025-68461 | Roundcube Webmail | RoundCube Webmail Cross-site Scripting Vulnerability | KEV added: 2026-02-20 | KEV due: 2026-03-13 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0065Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab GitLab') | CVE: CVE-2021-22175 | GitLab GitLab | GitLab Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2026-02-18 | KEV due: 2026-03-11 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0066Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite') | CVE: CVE-2020-7796 | Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0067Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'teamt5' (in 'TeamT5 ThreatSonar Anti-Ransomware') | CVE: CVE-2024-7694 | TeamT5 ThreatSonar Anti-Ransomware | TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2026-02-17 | KEV due: 2026-03-10 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0072SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft configuration manager' (in 'Microsoft Configuration Manager') | CVE: CVE-2024-43468 | Microsoft Configuration Manager | Microsoft Configuration Manager SQL Injection Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-03-05 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0079Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'react native' (in 'React Native Community CLI') | CVE: CVE-2025-11953 | React Native Community CLI | React Native Community CLI OS Command Injection Vulnerability | KEV added: 2026-02-05 | KEV due: 2026-02-26 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0080Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab Community and Enterprise Editions') | CVE: CVE-2021-39935 | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-24 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0081Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sangoma' (in 'Sangoma FreePBX') | CVE: CVE-2025-64328 | Sangoma FreePBX | Sangoma FreePBX OS Command Injection Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-24 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0082Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sangoma' (in 'Sangoma FreePBX') | CVE: CVE-2019-19006 | Sangoma FreePBX | Sangoma FreePBX Improper Authentication Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-24 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0083Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-40551 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2026-02-03 | KEV due: 2026-02-06 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0084Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2026-01-29 | KEV due: 2026-02-01 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0089Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware vCenter Server') | CVE: CVE-2024-37079 | Broadcom VMware vCenter Server | Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability | KEV added: 2026-01-23 | KEV due: 2026-02-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0090Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-68645 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0091Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'prettier' (in 'Prettier eslint-config-prettier') | CVE: CVE-2025-54313 | Prettier eslint-config-prettier | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0092Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Unified Communications Manager') | CVE: CVE-2026-20045 | Cisco Unified Communications Manager | Cisco Unified Communications Products Code Injection Vulnerability | KEV added: 2026-01-21 | KEV due: 2026-02-11 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0094Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gogs' (in 'Gogs Gogs') | CVE: CVE-2025-8110 | Gogs Gogs | Gogs Path Traversal Vulnerability | KEV added: 2026-01-12 | KEV due: 2026-02-02 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0096Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard Enterprise (HPE) OneView') | CVE: CVE-2025-37164 | Hewlett Packard Enterprise (HPE) OneView | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability | KEV added: 2026-01-07 | KEV due: 2026-01-28 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0097Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mongodb' (in 'MongoDB MongoDB and MongoDB Server') | CVE: CVE-2025-14847 | MongoDB MongoDB and MongoDB Server | MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability | KEV added: 2025-12-29 | KEV due: 2026-01-19 | Mapping: Product match: 'mongodb' → THR-006

EXP-KEV-0098Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'digiever' (in 'Digiever DS-2105 Pro') | CVE: CVE-2023-52163 | Digiever DS-2105 Pro | Digiever DS-2105 Pro Missing Authorization Vulnerability | KEV added: 2025-12-22 | KEV due: 2026-01-12 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0099Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox') | CVE: CVE-2025-14733 | WatchGuard Firebox | WatchGuard Firebox Out of Bounds Write Vulnerability | KEV added: 2025-12-19 | KEV due: 2025-12-26 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0100Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA1000 appliance') | CVE: CVE-2025-40602 | SonicWall SMA1000 appliance | SonicWall SMA1000 Missing Authorization Vulnerability | KEV added: 2025-12-17 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0101Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Multiple Products') | CVE: CVE-2025-20393 | Cisco Multiple Products | Cisco Multiple Products Improper Input Validation Vulnerability | KEV added: 2025-12-17 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0104Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sierra wireless' (in 'Sierra Wireless AirLink ALEOS') | CVE: CVE-2018-4063 | Sierra Wireless AirLink ALEOS | Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2025-12-12 | KEV due: 2026-01-02 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0106Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2025-6218 | RARLAB WinRAR | RARLAB WinRAR Path Traversal Vulnerability | KEV added: 2025-12-09 | KEV due: 2025-12-30 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0108Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'array networks' (in 'Array Networks ArrayOS AG') | CVE: CVE-2025-66644 | Array Networks ArrayOS AG | Array Networks ArrayOS AG OS Command Injection Vulnerability | KEV added: 2025-12-08 | KEV due: 2025-12-29 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0109Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'openplc' (in 'OpenPLC ScadaBR') | CVE: CVE-2021-26828 | OpenPLC ScadaBR | OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability | KEV added: 2025-12-03 | KEV due: 2025-12-24 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0112Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'openplc' (in 'OpenPLC ScadaBR') | CVE: CVE-2021-26829 | OpenPLC ScadaBR | OpenPLC ScadaBR Cross-site Scripting Vulnerability | KEV added: 2025-11-28 | KEV due: 2025-12-19 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0116Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox') | CVE: CVE-2025-9242 | WatchGuard Firebox | WatchGuard Firebox Out-of-Bounds Write Vulnerability | KEV added: 2025-11-12 | KEV due: 2025-12-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0117Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2025-21042 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | KEV added: 2025-11-10 | KEV due: 2025-12-01 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0118Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cwp' (in 'CWP Control Web Panel') | CVE: CVE-2025-48703 | CWP Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | KEV added: 2025-11-04 | KEV due: 2025-11-25 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0119Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-6204 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Code Injection Vulnerability | KEV added: 2025-10-28 | KEV due: 2025-11-18 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0120Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-6205 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | KEV added: 2025-10-28 | KEV due: 2025-11-18 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0121Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento') | CVE: CVE-2025-54236 | Adobe Commerce and Magento | Adobe Commerce and Magento Improper Input Validation Vulnerability | KEV added: 2025-10-24 | KEV due: 2025-11-14 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0126Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'igel' (in 'IGEL IGEL OS') | CVE: CVE-2025-47827 | IGEL IGEL OS | IGEL OS Use of a Key Past its Expiration Date Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0129Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'skysea' (in 'SKYSEA Client View') | CVE: CVE-2016-7836 | SKYSEA Client View | SKYSEA Client View Improper Authentication Vulnerability | KEV added: 2025-10-14 | KEV due: 2025-11-04 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0130Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'grafana' (in 'Grafana Labs Grafana') | CVE: CVE-2021-43798 | Grafana Labs Grafana | Grafana Path Traversal Vulnerability | KEV added: 2025-10-09 | KEV due: 2025-10-30 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0131Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2025-27915 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV added: 2025-10-07 | KEV due: 2025-10-28 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0136Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Multiple Products') | CVE: CVE-2010-3765 | Mozilla Multiple Products | Mozilla Multiple Products Remote Code Execution Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-0137Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gnu' (in 'GNU GNU Bash') | CVE: CVE-2014-6278 | GNU GNU Bash | GNU Bash OS Command Injection Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0138Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins') | CVE: CVE-2017-1000353 | Jenkins Jenkins | Jenkins Remote Code Execution Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: Product match: 'jenkins' → THR-006

EXP-KEV-0139Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper ScreenOS') | CVE: CVE-2015-7755 | Juniper ScreenOS | Juniper ScreenOS Improper Authentication Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0140Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2025-21043 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0141Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'smartbedded' (in 'Smartbedded Meteobridge') | CVE: CVE-2025-4008 | Smartbedded Meteobridge | Smartbedded Meteobridge Command Injection Vulnerability | KEV added: 2025-10-02 | KEV due: 2025-10-23 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0142Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'libraesva' (in 'Libraesva Email Security Gateway') | CVE: CVE-2025-59689 | Libraesva Email Security Gateway | Libraesva Email Security Gateway Command Injection Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0144External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2025-20352 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0145Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adminer' (in 'Adminer Adminer') | CVE: CVE-2021-21311 | Adminer Adminer | Adminer Server-Side Request Forgery Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0146Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense') | CVE: CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability | KEV added: 2025-09-25 | KEV due: 2025-09-26 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0147External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense') | CVE: CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability | KEV added: 2025-09-25 | KEV due: 2025-09-26 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0148Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dassault' (in 'Dassault Systèmes DELMIA Apriso') | CVE: CVE-2025-5086 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-11 | KEV due: 2025-10-02 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0151Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore Multiple Products') | CVE: CVE-2025-53690 | Sitecore Multiple Products | Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability | KEV added: 2025-09-04 | KEV due: 2025-09-25 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0152Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Routers') | CVE: CVE-2025-9377 | TP-Link Multiple Routers | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability | KEV added: 2025-09-03 | KEV due: 2025-09-24 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0153Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2025-55177 | Meta Platforms WhatsApp | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | KEV added: 2025-09-02 | KEV due: 2025-09-23 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0154SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sangoma' (in 'Sangoma FreePBX') | CVE: CVE-2025-57819 | Sangoma FreePBX | Sangoma FreePBX Authentication Bypass Vulnerability | KEV added: 2025-08-29 | KEV due: 2025-09-19 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0155Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler') | CVE: CVE-2025-7775 | Citrix NetScaler | Citrix NetScaler Memory Overflow Vulnerability | KEV added: 2025-08-26 | KEV due: 2025-08-28 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0156Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Session Recording') | CVE: CVE-2024-8068 | Citrix Session Recording | Citrix Session Recording Improper Privilege Management Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0157Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Session Recording') | CVE: CVE-2024-8069 | Citrix Session Recording | Citrix Session Recording Deserialization of Untrusted Data Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0159Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One') | CVE: CVE-2025-54948 | Trend Micro Apex One | Trend Micro Apex One OS Command Injection Vulnerability | KEV added: 2025-08-18 | KEV due: 2025-09-08 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0160Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rarlab' (in 'RARLAB WinRAR') | CVE: CVE-2025-8088 | RARLAB WinRAR | RARLAB WinRAR Path Traversal Vulnerability | KEV added: 2025-08-12 | KEV due: 2025-09-02 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0163Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'papercut' (in 'PaperCut NG/MF') | CVE: CVE-2023-2533 | PaperCut NG/MF | PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Mapping: CWE mapping: CWE-352 → THR-006

EXP-KEV-0170Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2019-9621 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-918 → THR-006

EXP-KEV-0171Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2019-5418 | Rails Ruby on Rails | Rails Ruby on Rails Path Traversal Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0172Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'PHP PHPMailer') | CVE: CVE-2016-10033 | PHP PHPMailer | PHPMailer Command Injection Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0173Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'looking glass' (in 'Looking Glass Multi-Router Looking Glass (MRLG)') | CVE: CVE-2014-3931 | Looking Glass Multi-Router Looking Glass (MRLG) | Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability | KEV added: 2025-07-07 | KEV due: 2025-07-28 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0175Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-48927 | TeleMessage TM SGNL | TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability | KEV added: 2025-07-01 | KEV due: 2025-07-22 | Mapping: Product match: 'spring' → THR-006

EXP-KEV-0176Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and Gateway') | CVE: CVE-2025-6543 | Citrix NetScaler ADC and Gateway | Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability | KEV added: 2025-06-30 | KEV due: 2025-07-21 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0180Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Routers') | CVE: CVE-2023-33538 | TP-Link Multiple Routers | TP-Link Multiple Routers Command Injection Vulnerability | KEV added: 2025-06-16 | KEV due: 2025-07-07 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0183Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wazuh' (in 'Wazuh Wazuh Server') | CVE: CVE-2025-24016 | Wazuh Wazuh Server | Wazuh Server Deserialization of Untrusted Data Vulnerability | KEV added: 2025-06-10 | KEV due: 2025-07-01 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0184Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2024-42009 | Roundcube Webmail | RoundCube Webmail Cross-Site Scripting Vulnerability | KEV added: 2025-06-09 | KEV due: 2025-06-30 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0186Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-21479 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0187Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-21480 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0188Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2025-27038 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2025-06-03 | KEV due: 2025-06-24 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0189Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'asus' (in 'ASUS Routers') | CVE: CVE-2021-32030 | ASUS Routers | ASUS Routers Improper Authentication Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0190Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'connectwise' (in 'ConnectWise ScreenConnect') | CVE: CVE-2025-3935 | ConnectWise ScreenConnect | ConnectWise ScreenConnect Improper Authentication Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0191Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'craft cms' (in 'Craft CMS Craft CMS') | CVE: CVE-2025-35939 | Craft CMS Craft CMS | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0192Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'craft cms' (in 'Craft CMS Craft CMS') | CVE: CVE-2024-56145 | Craft CMS Craft CMS | Craft CMS Code Injection Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0193Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'asus' (in 'ASUS RT-AX55 Routers') | CVE: CVE-2023-39780 | ASUS RT-AX55 Routers | ASUS RT-AX55 Routers OS Command Injection Vulnerability | KEV added: 2025-06-02 | KEV due: 2025-06-23 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0194Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung MagicINFO 9 Server') | CVE: CVE-2025-4632 | Samsung MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | KEV added: 2025-05-22 | KEV due: 2025-06-12 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0195Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zkteco' (in 'ZKTeco BioTime') | CVE: CVE-2023-38950 | ZKTeco BioTime | ZKTeco BioTime Path Traversal Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0196Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0197Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'srimax' (in 'Srimax Output Messenger') | CVE: CVE-2025-27920 | Srimax Output Messenger | Srimax Output Messenger Directory Traversal Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0198Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mdaemon' (in 'MDaemon Email Server') | CVE: CVE-2024-11182 | MDaemon Email Server | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0199Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0200External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | KEV added: 2025-05-19 | KEV due: 2025-06-09 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0201Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2025-42999 | SAP NetWeaver | SAP NetWeaver Deserialization Vulnerability | KEV added: 2025-05-15 | KEV due: 2025-06-05 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0202Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Vigor Routers') | CVE: CVE-2024-12987 | DrayTek Vigor Routers | DrayTek Vigor Routers OS Command Injection Vulnerability | KEV added: 2025-05-15 | KEV due: 2025-06-05 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0209Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'geovision' (in 'GeoVision Multiple Devices') | CVE: CVE-2024-11120 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | KEV added: 2025-05-07 | KEV due: 2025-05-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0210Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'geovision' (in 'GeoVision Multiple Devices') | CVE: CVE-2024-6047 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | KEV added: 2025-05-07 | KEV due: 2025-05-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0211Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'freetype' (in 'FreeType FreeType') | CVE: CVE-2025-27363 | FreeType FreeType | FreeType Out-of-Bounds Write Vulnerability | KEV added: 2025-05-06 | KEV due: 2025-05-27 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0212Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'commvault' (in 'Commvault Command Center') | CVE: CVE-2025-34028 | Commvault Command Center | Commvault Command Center Path Traversal Vulnerability | KEV added: 2025-05-02 | KEV due: 2025-05-23 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0214Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100 Appliances') | CVE: CVE-2023-44221 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV added: 2025-05-01 | KEV due: 2025-05-22 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0216Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom Brocade Fabric OS') | CVE: CVE-2025-1976 | Broadcom Brocade Fabric OS | Broadcom Brocade Fabric OS Code Injection Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0217Ransomware (Data Encrypted) (T1486)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-040 — Ransomware (Data Encrypted)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'commvault' (in 'Commvault Web Server') | CVE: CVE-2025-3928 | Commvault Web Server | Commvault Web Server Unspecified Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Mapping: Product match: 'commvault' → THR-040

EXP-KEV-0221Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100 Appliances') | CVE: CVE-2021-20035 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV added: 2025-04-16 | KEV due: 2025-05-07 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0228Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore CMS and Experience Platform (XP)') | CVE: CVE-2019-9875 | Sitecore CMS and Experience Platform (XP) | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV added: 2025-03-26 | KEV due: 2025-04-16 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0229Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sitecore' (in 'Sitecore CMS and Experience Platform (XP)') | CVE: CVE-2019-9874 | Sitecore CMS and Experience Platform (XP) | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | KEV added: 2025-03-26 | KEV due: 2025-04-16 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0230Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2017-12637 | SAP NetWeaver | SAP NetWeaver Directory Traversal Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0231Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'edimax' (in 'Edimax IC-7100 IP Camera') | CVE: CVE-2025-1316 | Edimax IC-7100 IP Camera | Edimax IC-7100 IP Camera OS Command Injection Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0240External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13161 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0241External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13160 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0242External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-13159 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-0243Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'advantive' (in 'Advantive VeraCore') | CVE: CVE-2024-57968 | Advantive VeraCore | Advantive VeraCore Unrestricted File Upload Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0244SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'advantive' (in 'Advantive VeraCore') | CVE: CVE-2025-25181 | Advantive VeraCore | Advantive VeraCore SQL Injection Vulnerability | KEV added: 2025-03-10 | KEV due: 2025-03-31 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0245Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi, Workstation, and Fusion') | CVE: CVE-2025-22226 | VMware ESXi, Workstation, and Fusion | VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0247Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress WhatsUp Gold') | CVE: CVE-2024-4885 | Progress WhatsUp Gold | Progress WhatsUp Gold Path Traversal Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0249Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hitachi' (in 'Hitachi Vantara Pentaho Business Analytics (BA) Server') | CVE: CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: Product match: 'spring' → THR-006

EXP-KEV-0250Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV Series Routers') | CVE: CVE-2023-20118 | Cisco Small Business RV Series Routers | Cisco Small Business RV Series Routers Command Injection Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0251Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2023-34192 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-02-25 | KEV due: 2025-03-18 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0252Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft partner center' (in 'Microsoft Partner Center') | CVE: CVE-2024-49035 | Microsoft Partner Center | Microsoft Partner Center Improper Access Control Vulnerability | KEV added: 2025-02-25 | KEV due: 2025-03-18 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0253Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Agile Product Lifecycle Management (PLM)') | CVE: CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | KEV added: 2025-02-24 | KEV due: 2025-03-17 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0254Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2017-3066 | Adobe ColdFusion | Adobe ColdFusion Deserialization Vulnerability | KEV added: 2025-02-24 | KEV due: 2025-03-17 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0256Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'craft cms' (in 'Craft CMS Craft CMS') | CVE: CVE-2025-23209 | Craft CMS Craft CMS | Craft CMS Code Injection Vulnerability | KEV added: 2025-02-20 | KEV due: 2025-03-13 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0261Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel DSL CPE Devices') | CVE: CVE-2024-40891 | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0262Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel DSL CPE Devices') | CVE: CVE-2024-40890 | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | KEV added: 2025-02-11 | KEV due: 2025-03-04 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0265Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trimble' (in 'Trimble Cityworks') | CVE: CVE-2025-0994 | Trimble Cityworks | Trimble Cityworks Deserialization Vulnerability | KEV added: 2025-02-07 | KEV due: 2025-02-28 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0266SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos CyberoamOS') | CVE: CVE-2020-29574 | Sophos CyberoamOS | CyberoamOS (CROS) SQL Injection Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0269Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'paessler' (in 'Paessler PRTG Network Monitor') | CVE: CVE-2018-9276 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor OS Command Injection Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0270Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache ofbiz' (in 'Apache OFBiz') | CVE: CVE-2024-45195 | Apache OFBiz | Apache OFBiz Forced Browsing Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0273Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jquery' (in 'JQuery JQuery') | CVE: CVE-2020-11023 | JQuery JQuery | JQuery Cross-Site Scripting (XSS) Vulnerability | KEV added: 2025-01-23 | KEV due: 2025-02-13 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0274Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'aviatrix' (in 'Aviatrix Controllers') | CVE: CVE-2024-50603 | Aviatrix Controllers | Aviatrix Controllers OS Command Injection Vulnerability | KEV added: 2025-01-16 | KEV due: 2025-02-06 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0279Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)') | CVE: CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | KEV added: 2025-01-13 | KEV due: 2025-02-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0284Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'beyondtrust' (in 'BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)') | CVE: CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability | KEV added: 2024-12-19 | KEV due: 2024-12-27 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0285Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'reolink' (in 'Reolink RLC-410W IP Camera') | CVE: CVE-2021-40407 | Reolink RLC-410W IP Camera | Reolink RLC-410W IP Camera OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0286Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'reolink' (in 'Reolink Multiple IP Cameras') | CVE: CVE-2019-11001 | Reolink Multiple IP Cameras | Reolink Multiple IP Cameras OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0287Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nuuo' (in 'NUUO NVRmini Devices') | CVE: CVE-2018-14933 | NUUO NVRmini Devices | NUUO NVRmini Devices OS Command Injection Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0293Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'projectsend' (in 'ProjectSend ProjectSend') | CVE: CVE-2024-11680 | ProjectSend ProjectSend | ProjectSend Improper Authentication Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0295Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Agile Product Lifecycle Management (PLM)') | CVE: CVE-2024-21287 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | KEV added: 2024-11-21 | KEV due: 2024-12-12 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0300Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress Kemp LoadMaster') | CVE: CVE-2024-1212 | Progress Kemp LoadMaster | Progress Kemp LoadMaster OS Command Injection Vulnerability | KEV added: 2024-11-18 | KEV due: 2024-12-09 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0304Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2014-2120 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0307Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nostromo' (in 'Nostromo nhttpd') | CVE: CVE-2019-16278 | Nostromo nhttpd | Nostromo nhttpd Directory Traversal Vulnerability | KEV added: 2024-11-07 | KEV due: 2024-11-28 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0310Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ptzoptics' (in 'PTZOptics PT30X-SDI/NDI Cameras') | CVE: CVE-2024-8956 | PTZOptics PT30X-SDI/NDI Cameras | PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability | KEV added: 2024-11-04 | KEV due: 2024-11-25 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0311Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ptzoptics' (in 'PTZOptics PT30X-SDI/NDI Cameras') | CVE: CVE-2024-8957 | PTZOptics PT30X-SDI/NDI Cameras | PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability | KEV added: 2024-11-04 | KEV due: 2024-11-25 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0312Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2024-37383 | Roundcube Webmail | RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-10-24 | KEV due: 2024-11-14 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0313External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20481 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Denial-of-Service Vulnerability | KEV added: 2024-10-24 | KEV due: 2024-11-14 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0314External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fortimanager' (in 'Fortinet FortiManager') | CVE: CVE-2024-47575 | Fortinet FortiManager | Fortinet FortiManager Missing Authentication Vulnerability | KEV added: 2024-10-23 | KEV due: 2024-11-13 | Mapping: Product match: 'fortinet' → THR-005

EXP-KEV-0319Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-9380 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability | KEV added: 2024-10-09 | KEV due: 2024-10-30 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0320SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-9379 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | KEV added: 2024-10-09 | KEV due: 2024-10-30 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0324Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2024-43047 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2024-10-08 | KEV due: 2024-10-29 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0325SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager (EPM)') | CVE: CVE-2024-29824 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | KEV added: 2024-10-02 | KEV due: 2024-10-23 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0326Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP Commerce Cloud') | CVE: CVE-2019-0344 | SAP Commerce Cloud | SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability | KEV added: 2024-09-30 | KEV due: 2024-10-21 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0327Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Multiple Vigor Routers') | CVE: CVE-2020-15415 | DrayTek Multiple Vigor Routers | DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | KEV added: 2024-09-30 | KEV due: 2024-10-21 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0329Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Virtual Traffic Manager') | CVE: CVE-2024-7593 | Ivanti Virtual Traffic Manager | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | KEV added: 2024-09-24 | KEV due: 2024-10-15 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0330Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance (CSA)') | CVE: CVE-2024-8963 | Ivanti Cloud Services Appliance (CSA) | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability | KEV added: 2024-09-19 | KEV due: 2024-10-10 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0331Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle ADF Faces') | CVE: CVE-2022-21445 | Oracle ADF Faces | Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0333Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache hugegraph' (in 'Apache HugeGraph-Server') | CVE: CVE-2024-27348 | Apache HugeGraph-Server | Apache HugeGraph-Server Improper Access Control Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0334Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-0502 | Adobe Flash Player | Adobe Flash Player Double Free Vulnerablity | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0335Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2013-0648 | Adobe Flash Player | Adobe Flash Player Code Execution Vulnerability | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0336Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2013-0643 | Adobe Flash Player | Adobe Flash Player Incorrect Default Permissions Vulnerability | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-0337Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-0497 | Adobe Flash Player | Adobe Flash Player Integer Underflow Vulnerablity | KEV added: 2024-09-17 | KEV due: 2024-10-08 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0340Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Cloud Services Appliance') | CVE: CVE-2024-8190 | Ivanti Cloud Services Appliance | Ivanti Cloud Services Appliance OS Command Injection Vulnerability | KEV added: 2024-09-13 | KEV due: 2024-10-04 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0345Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3714 | ImageMagick ImageMagick | ImageMagick Improper Input Validation Vulnerability | KEV added: 2024-09-09 | KEV due: 2024-09-30 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0346Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kingsoft' (in 'Kingsoft WPS Office') | CVE: CVE-2024-7262 | Kingsoft WPS Office | Kingsoft WPS Office Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0347Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek VigorConnect') | CVE: CVE-2021-20124 | DrayTek VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0348Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek VigorConnect') | CVE: CVE-2021-20123 | DrayTek VigorConnect | Draytek VigorConnect Path Traversal Vulnerability | KEV added: 2024-09-03 | KEV due: 2024-09-24 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0350Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache ofbiz' (in 'Apache OFBiz') | CVE: CVE-2024-38856 | Apache OFBiz | Apache OFBiz Incorrect Authorization Vulnerability | KEV added: 2024-08-27 | KEV due: 2024-09-17 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0352Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'versa' (in 'Versa Director') | CVE: CVE-2024-39717 | Versa Director | Versa Director Dangerous File Type Upload Vulnerability | KEV added: 2024-08-23 | KEV due: 2024-09-13 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-0353Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-31196 | Microsoft Exchange Server | Microsoft Exchange Server Information Disclosure Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-0355Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dahua' (in 'Dahua IP Camera Firmware') | CVE: CVE-2021-33045 | Dahua IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0356Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dahua' (in 'Dahua IP Camera Firmware') | CVE: CVE-2021-33044 | Dahua IP Camera Firmware | Dahua IP Camera Authentication Bypass Vulnerability | KEV added: 2024-08-21 | KEV due: 2024-09-11 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0358Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2024-28986 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV added: 2024-08-15 | KEV due: 2024-09-05 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0365Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache ofbiz' (in 'Apache OFBiz') | CVE: CVE-2024-32113 | Apache OFBiz | Apache OFBiz Path Traversal Vulnerability | KEV added: 2024-08-07 | KEV due: 2024-08-28 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0369Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2012-4792 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2024-07-23 | KEV due: 2024-08-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0370Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2024-28995 | SolarWinds Serv-U | SolarWinds Serv-U Path Traversal Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0371Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento Open Source') | CVE: CVE-2024-34102 | Adobe Commerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Mapping: Product match: 'magento' → THR-006

EXP-KEV-0374Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco NX-OS') | CVE: CVE-2024-20399 | Cisco NX-OS | Cisco NX-OS Command Injection Vulnerability | KEV added: 2024-07-02 | KEV due: 2024-07-23 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0376Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'osgeo' (in 'OSGeo JAI-EXT') | CVE: CVE-2022-24816 | OSGeo JAI-EXT | OSGeo GeoServer JAI-EXT Code Injection Vulnerability | KEV added: 2024-06-26 | KEV due: 2024-07-17 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0378Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-32896 | Android Pixel | Android Pixel Privilege Escalation Vulnerability | KEV added: 2024-06-13 | KEV due: 2024-07-04 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0380Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali GPU Kernel Driver') | CVE: CVE-2024-4610 | Arm Mali GPU Kernel Driver | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2024-06-12 | KEV due: 2024-07-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0381Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2017-3506 | Oracle WebLogic Server | Oracle WebLogic Server OS Command Injection Vulnerability | KEV added: 2024-06-03 | KEV due: 2024-06-24 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0385Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache flink' (in 'Apache Flink') | CVE: CVE-2020-17519 | Apache Flink | Apache Flink Improper Access Control Vulnerability | KEV added: 2024-05-23 | KEV due: 2024-06-13 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0392Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gitlab' (in 'GitLab GitLab CE/EE') | CVE: CVE-2023-7028 | GitLab GitLab CE/EE | GitLab Community and Enterprise Editions Improper Access Control Vulnerability | KEV added: 2024-05-01 | KEV due: 2024-05-22 | Mapping: Product match: 'gitlab' → THR-006

EXP-KEV-0393Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20359 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Privilege Escalation Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0394External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2024-20353 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Denial of Service Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Mapping: Product match: 'cisco asa' → THR-005

EXP-KEV-0398Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-29748 | Android Pixel | Android Pixel Privilege Escalation Vulnerability | KEV added: 2024-04-04 | KEV due: 2024-04-25 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0399Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2024-29745 | Android Pixel | Android Pixel Information Disclosure Vulnerability | KEV added: 2024-04-04 | KEV due: 2024-04-25 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0401Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nice linear' (in 'Nice Linear eMerge E3-Series') | CVE: CVE-2019-7256 | Nice Linear eMerge E3-Series | Nice Linear eMerge E3-Series OS Command Injection Vulnerability | KEV added: 2024-03-25 | KEV due: 2024-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0406Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'android pixel' (in 'Android Pixel') | CVE: CVE-2023-21237 | Android Pixel | Android Pixel Information Disclosure Vulnerability | KEV added: 2024-03-05 | KEV due: 2024-03-26 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0407Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sunhillo' (in 'Sunhillo SureLine') | CVE: CVE-2021-36380 | Sunhillo SureLine | Sunhillo SureLine OS Command Injection Vulnerablity | KEV added: 2024-03-05 | KEV due: 2024-03-26 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0410Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2024-21410 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV added: 2024-02-15 | KEV due: 2024-03-07 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0413Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2023-43770 | Roundcube Webmail | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-02-12 | KEV due: 2024-03-04 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0420Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2023-34048 | VMware vCenter Server | VMware vCenter Server Out-of-Bounds Write Vulnerability | KEV added: 2024-01-22 | KEV due: 2024-02-12 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0423Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-6549 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV added: 2024-01-17 | KEV due: 2024-02-07 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0424Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler ADC and NetScaler Gateway') | CVE: CVE-2023-6548 | Citrix NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV added: 2024-01-17 | KEV due: 2024-01-24 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0425Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'laravel' (in 'Laravel Laravel Framework') | CVE: CVE-2018-15133 | Laravel Laravel Framework | Laravel Deserialization of Untrusted Data Vulnerability | KEV added: 2024-01-16 | KEV due: 2024-02-06 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0429Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'joomla' (in 'Joomla! Joomla!') | CVE: CVE-2023-23752 | Joomla! Joomla! | Joomla! Improper Access Control Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: Product match: 'joomla' → THR-006

EXP-KEV-0432Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache superset' (in 'Apache Superset') | CVE: CVE-2023-27524 | Apache Superset | Apache Superset Insecure Default Initialization of Resource Vulnerability | KEV added: 2024-01-08 | KEV due: 2024-01-29 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0435Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'webrtc' (in 'Google Chromium WebRTC') | CVE: CVE-2023-7024 | Google Chromium WebRTC | Google Chromium WebRTC Heap Buffer Overflow Vulnerability | KEV added: 2024-01-02 | KEV due: 2024-01-23 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0436Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fxc' (in 'FXC AE1021, AE1021PE') | CVE: CVE-2023-49897 | FXC AE1021, AE1021PE | FXC AE1021, AE1021PE OS Command Injection Vulnerability | KEV added: 2023-12-21 | KEV due: 2024-01-11 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0437Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP VioStor NVR') | CVE: CVE-2023-47565 | QNAP VioStor NVR | QNAP VioStor NVR OS Command Injection Vulnerability | KEV added: 2023-12-21 | KEV due: 2024-01-11 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0439Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33107 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Integer Overflow Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: Product match: 'linux' → THR-018

EXP-KEV-0440Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33063 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0441Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2022-22071 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0445Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'owncloud' (in 'ownCloud ownCloud graphapi') | CVE: CVE-2023-49103 | ownCloud ownCloud graphapi | ownCloud graphapi Information Disclosure Vulnerability | KEV added: 2023-11-30 | KEV due: 2023-12-21 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0447Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos Web Appliance') | CVE: CVE-2023-1671 | Sophos Web Appliance | Sophos Web Appliance Command Injection Vulnerability | KEV added: 2023-11-16 | KEV due: 2023-12-07 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0452Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36844 | Juniper Junos OS | Juniper Junos OS EX Series PHP External Variable Modification Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0453Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36845 | Juniper Junos OS | Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0454Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36846 | Juniper Junos OS | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0455Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36847 | Juniper Junos OS | Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0456Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2023-36851 | Juniper Junos OS | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | KEV added: 2023-11-13 | KEV due: 2023-11-17 | Mapping: Product match: 'php' → THR-006

EXP-KEV-0459SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Configuration Utility') | CVE: CVE-2023-46748 | F5 BIG-IP Configuration Utility | F5 BIG-IP Configuration Utility SQL Injection Vulnerability | KEV added: 2023-10-31 | KEV due: 2023-11-21 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0460Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2023-5631 | Roundcube Webmail | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-10-26 | KEV due: 2023-11-16 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0461Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Cisco IOS XE Web UI') | CVE: CVE-2023-20273 | Cisco Cisco IOS XE Web UI | Cisco IOS XE Web UI Command Injection Vulnerability | KEV added: 2023-10-23 | KEV due: 2023-10-27 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0463External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Web UI') | CVE: CVE-2023-20198 | Cisco IOS XE Web UI | Cisco IOS XE Web UI Privilege Escalation Vulnerability | KEV added: 2023-10-16 | KEV due: 2023-10-20 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0465Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2023-20109 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0472Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali GPU Kernel Driver') | CVE: CVE-2023-4211 | Arm Mali GPU Kernel Driver | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-10-03 | KEV due: 2023-10-24 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0474Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss RichFaces Framework') | CVE: CVE-2018-14667 | Red Hat JBoss RichFaces Framework | Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability | KEV added: 2023-09-28 | KEV due: 2023-10-19 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0478Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'minio' (in 'MinIO MinIO') | CVE: CVE-2023-28434 | MinIO MinIO | MinIO Security Feature Bypass Vulnerability | KEV added: 2023-09-19 | KEV due: 2023-10-10 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0479Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'realtek' (in 'Realtek SDK') | CVE: CVE-2014-8361 | Realtek SDK | Realtek SDK Improper Input Validation Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0488Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache rocketmq' (in 'Apache RocketMQ') | CVE: CVE-2023-33246 | Apache RocketMQ | Apache RocketMQ Command Execution Vulnerability | KEV added: 2023-09-06 | KEV due: 2023-09-27 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0489Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ignite realtime' (in 'Ignite Realtime Openfire') | CVE: CVE-2023-32315 | Ignite Realtime Openfire | Ignite Realtime Openfire Path Traversal Vulnerability | KEV added: 2023-08-24 | KEV due: 2023-09-14 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0492Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-26359 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2023-08-21 | KEV due: 2023-09-11 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0493Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel P660HN-T1A Routers') | CVE: CVE-2017-18368 | Zyxel P660HN-T1A Routers | Zyxel P660HN-T1A Routers Command Injection Vulnerability | KEV added: 2023-08-07 | KEV due: 2023-08-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0494Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Endpoint Manager Mobile (EPMM)') | CVE: CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | KEV added: 2023-07-31 | KEV due: 2023-08-21 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0495Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2023-37580 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-07-27 | KEV due: 2023-08-17 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0500Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarview' (in 'SolarView Compact') | CVE: CVE-2022-29303 | SolarView Compact | SolarView Compact Command Injection Vulnerability | KEV added: 2023-07-13 | KEV due: 2023-08-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0507Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-29256 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-07-07 | KEV due: 2023-07-28 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0510Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25487 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Read Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0511Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25489 | Samsung Mobile Devices | Samsung Mobile Devices Improper Input Validation Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0512Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25394 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0513Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25372 | Samsung Mobile Devices | Samsung Mobile Devices Improper Boundary Check Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0517Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tools') | CVE: CVE-2023-20867 | VMware Tools | VMware Tools Authentication Bypass Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0518Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Network-Attached Storage (NAS) Devices') | CVE: CVE-2023-27992 | Zyxel Multiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices Command Injection Vulnerability | KEV added: 2023-06-23 | KEV due: 2023-07-14 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0519Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Aria Operations for Networks') | CVE: CVE-2023-20887 | VMware Aria Operations for Networks | Vmware Aria Operations for Networks Command Injection Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0520Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2020-35730 | Roundcube Roundcube Webmail | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0521Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2020-12641 | Roundcube Roundcube Webmail | Roundcube Webmail Remote Code Execution Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0522SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2021-44026 | Roundcube Roundcube Webmail | Roundcube Webmail SQL Injection Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0523Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox, Firefox ESR, and Thunderbird') | CVE: CVE-2016-9079 | Mozilla Firefox, Firefox ESR, and Thunderbird | Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability | KEV added: 2023-06-22 | KEV due: 2023-07-13 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0526External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-33009 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | KEV added: 2023-06-05 | KEV due: 2023-06-26 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0527External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-33010 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | KEV added: 2023-06-05 | KEV due: 2023-06-26 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0529Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2023-28771 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls OS Command Injection Vulnerability | KEV added: 2023-05-31 | KEV due: 2023-06-21 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0530Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'barracuda' (in 'Barracuda Networks Email Security Gateway (ESG) Appliance') | CVE: CVE-2023-2868 | Barracuda Networks Email Security Gateway (ESG) Appliance | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | KEV added: 2023-05-26 | KEV due: 2023-06-16 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0534External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS') | CVE: CVE-2004-1464 | Cisco IOS | Cisco IOS Denial-of-Service Vulnerability | KEV added: 2023-05-19 | KEV due: 2023-06-09 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0535Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, IOS XR, and IOS XE') | CVE: CVE-2016-6415 | Cisco IOS, IOS XR, and IOS XE | Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability | KEV added: 2023-05-19 | KEV due: 2023-06-09 | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-0536Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2023-21492 | Samsung Mobile Devices | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | KEV added: 2023-05-19 | KEV due: 2023-06-09 | Mapping: Product match: 'android' → THR-018

EXP-KEV-0537Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ruckus' (in 'Ruckus Wireless Multiple Products') | CVE: CVE-2023-25717 | Ruckus Wireless Multiple Products | Multiple Ruckus Wireless Products CSRF and RCE Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0538Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat Polkit') | CVE: CVE-2021-3560 | Red Hat Polkit | Red Hat Polkit Incorrect Authorization Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: CWE mapping: CWE-863 → THR-009

EXP-KEV-0541Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins User Interface (UI)') | CVE: CVE-2015-5317 | Jenkins Jenkins User Interface (UI) | Jenkins User Interface (UI) Information Disclosure Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Mapping: Product match: 'jenkins' → THR-006

EXP-KEV-0544Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Archer AX21') | CVE: CVE-2023-1389 | TP-Link Archer AX21 | TP-Link Archer AX-21 Command Injection Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0547Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6742 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2023-04-19 | KEV due: 2023-05-10 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0551Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'novi' (in 'Novi Survey Novi Survey') | CVE: CVE-2023-29492 | Novi Survey Novi Survey | Novi Survey Insecure Deserialization Vulnerability | KEV added: 2023-04-13 | KEV due: 2023-05-04 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0559Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-27926 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-04-03 | KEV due: 2023-04-24 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0560Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3163 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0562Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fortra' (in 'Fortra Cobalt Strike') | CVE: CVE-2022-42948 | Fortra Cobalt Strike | Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0563Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fortra' (in 'Fortra Cobalt Strike') | CVE: CVE-2022-39197 | Fortra Cobalt Strike | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0565Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2022-38181 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0568Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2022-22706 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Unspecified Vulnerability | KEV added: 2023-03-30 | KEV due: 2023-04-20 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0572Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'xstream' (in 'XStream XStream') | CVE: CVE-2021-39144 | XStream XStream | XStream Remote Code Execution Vulnerability | KEV added: 2023-03-10 | KEV due: 2023-03-31 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0573Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'plex' (in 'Plex Media Server') | CVE: CVE-2020-5741 | Plex Media Server | Plex Media Server Remote Code Execution Vulnerability | KEV added: 2023-03-10 | KEV due: 2023-03-31 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0574Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-28810 | Zoho ManageEngine | Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability | KEV added: 2023-03-07 | KEV due: 2023-03-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0575Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache spark' (in 'Apache Spark') | CVE: CVE-2022-33891 | Apache Spark | Apache Spark Command Injection Vulnerability | KEV added: 2023-03-07 | KEV due: 2023-03-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0585Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sugarcrm' (in 'SugarCRM Multiple Products') | CVE: CVE-2023-22952 | SugarCRM Multiple Products | Multiple SugarCRM Products Remote Code Execution Vulnerability | KEV added: 2023-02-02 | KEV due: 2023-02-23 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0588Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cwp' (in 'CWP Control Web Panel') | CVE: CVE-2022-44877 | CWP Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | KEV added: 2023-01-17 | KEV due: 2023-02-07 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0591Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tibco' (in 'TIBCO JasperReports') | CVE: CVE-2018-5430 | TIBCO JasperReports | TIBCO JasperReports Server Information Disclosure Vulnerability | KEV added: 2022-12-29 | KEV due: 2023-01-19 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0592Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tibco' (in 'TIBCO JasperReports') | CVE: CVE-2018-18809 | TIBCO JasperReports | TIBCO JasperReports Library Directory Traversal Vulnerability | KEV added: 2022-12-29 | KEV due: 2023-01-19 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0595Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC) and Gateway') | CVE: CVE-2022-27518 | Citrix Application Delivery Controller (ADC) and Gateway | Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability | KEV added: 2022-12-13 | KEV due: 2023-01-03 | Mapping: Product match: 'saml' → THR-009

EXP-KEV-0599Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2021-35587 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-11-28 | KEV due: 2022-12-19 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0606Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25337 | Samsung Mobile Devices | Samsung Mobile Devices Improper Access Control Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-0607Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25370 | Samsung Mobile Devices | Samsung Mobile Devices Memory Corruption Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0612Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2022-41352 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | KEV added: 2022-10-20 | KEV due: 2022-11-10 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0619Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos Firewall') | CVE: CVE-2022-3236 | Sophos Firewall | Sophos Firewall Code Injection Vulnerability | KEV added: 2022-09-23 | KEV due: 2022-10-14 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0620Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2022-35405 | Zoho ManageEngine | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-09-22 | KEV due: 2022-10-13 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0622Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'code aurora' (in 'Code Aurora ACDB Audio Driver') | CVE: CVE-2013-2597 | Code Aurora ACDB Audio Driver | Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0631Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mikrotik' (in 'MikroTik RouterOS') | CVE: CVE-2018-7445 | MikroTik RouterOS | MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0633Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2018-2628 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0637Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache couchdb' (in 'Apache CouchDB') | CVE: CVE-2022-24706 | Apache CouchDB | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0638Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache apisix' (in 'Apache APISIX') | CVE: CVE-2022-24112 | Apache APISIX | Apache APISIX Authentication Bypass Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-0639Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Cloud') | CVE: CVE-2022-22963 | VMware Tanzu Spring Cloud | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0641Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'grafana' (in 'Grafana Labs Grafana') | CVE: CVE-2021-39226 | Grafana Labs Grafana | Grafana Authentication Bypass Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0642Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'delta electronics' (in 'Delta Electronics DOPSoft 2') | CVE: CVE-2021-38406 | Delta Electronics DOPSoft 2 | Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0644Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'pear' (in 'PEAR Archive_Tar') | CVE: CVE-2020-36193 | PEAR Archive_Tar | PEAR Archive_Tar Improper Link Resolution Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0645Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'pear' (in 'PEAR Archive_Tar') | CVE: CVE-2020-28949 | PEAR Archive_Tar | PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability | KEV added: 2022-08-25 | KEV due: 2022-09-15 | Mapping: Product match: 'drupal' → THR-006

EXP-KEV-0661Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat Polkit') | CVE: CVE-2021-4034 | Red Hat Polkit | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | KEV added: 2022-06-27 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0668SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-2386 | SAP NetWeaver | SAP NetWeaver SQL Injection Vulnerability | KEV added: 2022-06-09 | KEV due: 2022-06-30 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0674Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco RV Series Routers') | CVE: CVE-2019-15271 | Cisco RV Series Routers | Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0678Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Devices') | CVE: CVE-2017-6862 | NETGEAR Multiple Devices | NETGEAR Multiple Devices Buffer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0684Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-5054 | Adobe Flash Player | Adobe Flash Player Integer Overflow Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0686Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-0767 | Adobe Flash Player | Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0687Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-0754 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0690Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2011-0609 | Adobe Flash Player | Adobe Flash Player Unspecified Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0693Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2010-1297 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0702Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player and AIR') | CVE: CVE-2016-1010 | Adobe Flash Player and AIR | Adobe Flash Player and AIR Integer Overflow Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0703Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player and AIR') | CVE: CVE-2016-0984 | Adobe Flash Player and AIR | Adobe Flash Player and AIR Use-After-Free Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0705Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0310 | Adobe Flash Player | Adobe Flash Player ASLR Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0708Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2425 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0710Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2015-4495 | Mozilla Firefox | Mozilla Firefox Security Feature Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-0711Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-8651 | Adobe Flash Player | Adobe Flash Player Integer Overflow Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0715Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-8439 | Adobe Flash Player | Adobe Flash Player Dereferenced Pointer Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0717Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft input method editor' (in 'Microsoft Input Method Editor (IME) Japanese') | CVE: CVE-2014-4077 | Microsoft Input Method Editor (IME) Japanese | Microsoft IME Japanese Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: Product match: 'windows' → THR-018

EXP-KEV-0719Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft silverlight' (in 'Microsoft Silverlight') | CVE: CVE-2013-3896 | Microsoft Silverlight | Microsoft Silverlight Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0728Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0149 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0735Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2016-6366 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0736Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2016-6367 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0737External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2022-20821 | Cisco IOS XR | Cisco IOS XR Open Port Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0748Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-11707 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Type Confusion Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-0749Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-11708 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0750Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'webkitgtk' (in 'WebKitGTK WebKitGTK') | CVE: CVE-2019-8720 | WebKitGTK WebKitGTK | WebKitGTK Memory Corruption Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0751Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2019-18426 | Meta Platforms WhatsApp | WhatsApp Cross-Site Scripting Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0754Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2018-5002 | Adobe Flash Player | Adobe Flash Player Stack-based Buffer Overflow Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0756Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Firewalls') | CVE: CVE-2022-30525 | Zyxel Multiple Firewalls | Zyxel Multiple Firewalls OS Command Injection Vulnerability | KEV added: 2022-05-16 | KEV due: 2022-06-06 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0757Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Spring Cloud Gateway') | CVE: CVE-2022-22947 | VMware Spring Cloud Gateway | VMware Spring Cloud Gateway Code Injection Vulnerability | KEV added: 2022-05-16 | KEV due: 2022-06-06 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0758Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-0322 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0759Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'openssl' (in 'OpenSSL OpenSSL') | CVE: CVE-2014-0160 | OpenSSL OpenSSL | OpenSSL Information Disclosure Vulnerability | KEV added: 2022-05-04 | KEV due: 2022-05-25 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0764Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Script Security Plugin') | CVE: CVE-2019-1003029 | Jenkins Script Security Plugin | Jenkins Script Security Plugin Sandbox Bypass Vulnerability | KEV added: 2022-04-25 | KEV due: 2022-05-16 | Mapping: Product match: 'jenkins' → THR-006

EXP-KEV-0768Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'crestron' (in 'Crestron Multiple Products') | CVE: CVE-2019-3929 | Crestron Multiple Products | Crestron Multiple Products Command Injection Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-0770SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'schneider' (in 'Schneider Electric U.motion Builder') | CVE: CVE-2018-7841 | Schneider Electric U.motion Builder | Schneider Electric U.motion Builder SQL Injection Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0771Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trihedral' (in 'Trihedral VTScada (formerly VTS)') | CVE: CVE-2016-4523 | Trihedral VTScada (formerly VTS) | Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0772Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'indusoft' (in 'InduSoft Web Studio') | CVE: CVE-2014-0780 | InduSoft Web Studio | InduSoft Web Studio NTWebServer Directory Traversal Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0773Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ubiquiti' (in 'Ubiquiti AirOS') | CVE: CVE-2010-5330 | Ubiquiti AirOS | Ubiquiti AirOS Command Injection Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0774Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'alcatel' (in 'Alcatel OmniPCX Enterprise') | CVE: CVE-2007-3010 | Alcatel OmniPCX Enterprise | Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0779Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5123 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0780Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5122 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0781Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-3113 | Adobe Flash Player | Adobe Flash Player Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0782Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2502 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0783Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0313 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0784Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-0311 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0785Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2014-9163 | Adobe Flash Player | Adobe Flash Player Stack-Based Buffer Overflow Vulnerability | KEV added: 2022-04-13 | KEV due: 2022-05-04 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0788Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'google pixel' (in 'Google Pixel') | CVE: CVE-2021-39793 | Google Pixel | Google Pixel Out-of-Bounds Write Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0789Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'checkbox' (in 'Checkbox Checkbox Survey') | CVE: CVE-2021-27852 | Checkbox Checkbox Survey | Checkbox Survey Deserialization of Untrusted Data Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0791Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP QNAP Network-Attached Storage (NAS)') | CVE: CVE-2020-2509 | QNAP QNAP Network-Attached Storage (NAS) | QNAP Network-Attached Storage (NAS) Command Injection Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0794Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Spring Framework') | CVE: CVE-2022-22965 | VMware Spring Framework | Spring Framework JDK 9+ Remote Code Execution Vulnerability | KEV added: 2022-04-04 | KEV due: 2022-04-25 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0800Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dasan' (in 'Dasan Gigabit Passive Optical Network (GPON) Routers') | CVE: CVE-2018-10561 | Dasan Gigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers Authentication Bypass Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-0802Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'redis' (in 'Redis Debian-specific Redis Servers') | CVE: CVE-2022-0543 | Redis Debian-specific Redis Servers | Debian-specific Redis Server Lua Sandbox Escape Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-862 → THR-009

EXP-KEV-0807Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SMA100') | CVE: CVE-2019-7483 | SonicWall SMA100 | SonicWall SMA100 Directory Traversal Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0813Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-0189 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0817Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-2419 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0821Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2013-1690 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0822Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-2034 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0828Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Network-Attached Storage (NAS) Devices') | CVE: CVE-2020-9054 | Zyxel Multiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0829Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'openbsd' (in 'OpenBSD OpenSMTPD') | CVE: CVE-2020-7247 | OpenBSD OpenSMTPD | OpenSMTPD Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0830Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Tanzu Spring Cloud Configuration (Config) Server') | CVE: CVE-2020-5410 | VMware Tanzu Spring Cloud Configuration (Config) Server | VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'spring' → THR-006

EXP-KEV-0831Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos SG UTM') | CVE: CVE-2020-25223 | Sophos SG UTM | Sophos SG UTM Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0833Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache kylin' (in 'Apache Kylin') | CVE: CVE-2020-1956 | Apache Kylin | Apache Kylin OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0834Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2020-1631 | Juniper Junos OS | Juniper Junos OS Path Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0835Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Core') | CVE: CVE-2019-6340 | Drupal Core | Drupal Core Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0838Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix SD-WAN and NetScaler') | CVE: CVE-2019-12991 | Citrix SD-WAN and NetScaler | Citrix SD-WAN and NetScaler Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0839SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix SD-WAN and NetScaler') | CVE: CVE-2019-12989 | Citrix SD-WAN and NetScaler | Citrix SD-WAN and NetScaler SQL Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-0841Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience') | CVE: CVE-2019-10068 | Kentico Xperience | Kentico Xperience Deserialization of Untrusted Data Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0842Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Matrix Project Plugin') | CVE: CVE-2019-1003030 | Jenkins Matrix Project Plugin | Jenkins Matrix Project Plugin Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'jenkins' → THR-006

EXP-KEV-0845Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer Scripting Engine') | CVE: CVE-2018-8373 | Microsoft Internet Explorer Scripting Engine | Microsoft Scripting Engine Memory Corruption Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0846Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware SD-WAN Edge') | CVE: CVE-2018-6961 | VMware SD-WAN Edge | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0847Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'lg n1a1' (in 'LG N1A1 NAS') | CVE: CVE-2018-14839 | LG N1A1 NAS | LG N1A1 NAS Remote Command Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0850Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Secure Access Control System (ACS)') | CVE: CVE-2018-0147 | Cisco Secure Access Control System (ACS) | Cisco Secure Access Control System Java Deserialization Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0851Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco VPN Routers') | CVE: CVE-2018-0125 | Cisco VPN Routers | Cisco VPN Routers Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0852Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR DGN2200 Devices') | CVE: CVE-2017-6334 | NETGEAR DGN2200 Devices | NETGEAR DGN2200 Devices OS Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0853Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server') | CVE: CVE-2017-6316 | Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server | Citrix Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0854Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2017-3881 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0858Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-7892 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0859Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-4171 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0860Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Wireless Access Point (WAP) Devices') | CVE: CVE-2016-1555 | NETGEAR Wireless Access Point (WAP) Devices | NETGEAR Multiple WAP Devices Command Injection Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-0862Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR WNR2000v5 Router') | CVE: CVE-2016-10174 | NETGEAR WNR2000v5 Router | NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0863Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2016-0752 | Rails Ruby on Rails | Ruby on Rails Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0864Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arcserve' (in 'Arcserve Unified Data Protection (UDP)') | CVE: CVE-2015-4068 | Arcserve Unified Data Protection (UDP) | Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0865Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link Multiple Archer Devices') | CVE: CVE-2015-3035 | TP-Link Multiple Archer Devices | TP-Link Multiple Archer Devices Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0867Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Prime Data Center Network Manager (DCNM)') | CVE: CVE-2015-0666 | Cisco Prime Data Center Network Manager (DCNM) | Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0870Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rejetto' (in 'Rejetto HTTP File Server (HFS)') | CVE: CVE-2014-6287 | Rejetto HTTP File Server (HFS) | Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0871Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rails' (in 'Rails Ruby on Rails') | CVE: CVE-2014-0130 | Rails Ruby on Rails | Ruby on Rails Directory Traversal Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-0873Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management') | CVE: CVE-2013-4810 | Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management | HP Multiple Products Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0874Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2013-2251 | Apache Struts | Apache Struts Improper Input Validation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0875Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'PHP PHP') | CVE: CVE-2012-1823 | PHP PHP | PHP-CGI Query String Parameter Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0876Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim') | CVE: CVE-2010-4344 | Exim Exim | Exim Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0877Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2010-3035 | Cisco IOS XR | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0879Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2009-2055 | Cisco IOS XR | Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0880Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'phpMyAdmin phpMyAdmin') | CVE: CVE-2009-1151 | phpMyAdmin phpMyAdmin | phpMyAdmin Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0895Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2022-26486 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-03-21 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0896Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2022-26485 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-03-21 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0897Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server and Cloud Foundation') | CVE: CVE-2021-21973 | VMware vCenter Server and Cloud Foundation | VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-03-21 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0898Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'pulse secure' (in 'Pulse Secure Pulse Connect Secure') | CVE: CVE-2020-8218 | Pulse Secure Pulse Connect Secure | Pulse Connect Secure Code Injection Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0900Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Wireless Router DGN2200') | CVE: CVE-2017-6077 | NETGEAR Wireless Router DGN2200 | NETGEAR DGN2200 Remote Code Execution Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-0901Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Routers') | CVE: CVE-2016-6277 | NETGEAR Multiple Routers | NETGEAR Multiple Routers Remote Code Execution Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Mapping: CWE mapping: CWE-352 → THR-006

EXP-KEV-0904Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'treck' (in 'Treck TCP/IP stack IPv6') | CVE: CVE-2020-11899 | Treck TCP/IP stack IPv6 | Treck TCP/IP stack Out-of-Bounds Read Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-125 → THR-018

EXP-KEV-0905Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim Internet Mailer') | CVE: CVE-2019-16928 | Exim Exim Internet Mailer | Exim Out-of-bounds Write Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0906Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers') | CVE: CVE-2019-1652 | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers | Cisco Small Business Routers Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0908External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0180 | Cisco IOS Software | Cisco IOS Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0909External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0179 | Cisco IOS Software | Cisco IOS Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0910Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, XR, and XE Software') | CVE: CVE-2018-0175 | Cisco IOS, XR, and XE Software | Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0911Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Software') | CVE: CVE-2018-0174 | Cisco IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0912Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0173 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0913Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0172 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0914Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS, XR, and XE Software') | CVE: CVE-2018-0167 | Cisco IOS, XR, and XE Software | Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0915External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0161 | Cisco IOS Software | Cisco IOS Software Resource Management Errors Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0916Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0159 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0917Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0158 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0918External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software and Cisco IOS XE Software') | CVE: CVE-2018-0156 | Cisco IOS Software and Cisco IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0919Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches') | CVE: CVE-2018-0155 | Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches | Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'ios' → THR-018

EXP-KEV-0920External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS Software') | CVE: CVE-2018-0154 | Cisco IOS Software | Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-0921Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2018-0151 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0923Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-6744 | Cisco IOS software | Cisco IOS Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0924Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6743 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0925Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6740 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0926Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6739 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0927Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6738 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0928Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6737 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0929Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6736 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0930External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6663 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0931External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-6627 | Cisco IOS and IOS XE Software | Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0932Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XE Software') | CVE: CVE-2017-12319 | Cisco IOS XE Software | Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0933Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-12240 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0934External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst 6800 Series Switches') | CVE: CVE-2017-12238 | Cisco Catalyst 6800 Series Switches | Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0935Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE Software') | CVE: CVE-2017-12237 | Cisco IOS and IOS XE Software | Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'exchange' → THR-006

EXP-KEV-0936Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12235 | Cisco IOS software | Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0937Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12234 | Cisco IOS software | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0938Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12233 | Cisco IOS software | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0939External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12232 | Cisco IOS software | Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0940External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS software') | CVE: CVE-2017-12231 | Cisco IOS software | Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-0942Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2017-11292 | Adobe Flash Player | Adobe Flash Player Type Confusion Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0945Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'siemens' (in 'Siemens SIMATIC CP') | CVE: CVE-2016-8562 | Siemens SIMATIC CP | Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0946Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-7855 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-0950Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2016-4117 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0954Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-5119 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0955Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2015-3043 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-0964Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox') | CVE: CVE-2013-1675 | Mozilla Firefox | Mozilla Firefox Information Disclosure Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0965Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-1347 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0968Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2012-1535 | Adobe Flash Player | Adobe Flash Player Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0969Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft forefront' (in 'Microsoft Forefront Threat Management Gateway (TMG)') | CVE: CVE-2011-1889 | Microsoft Forefront Threat Management Gateway (TMG) | Microsoft Forefront TMG Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0970Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe flash' (in 'Adobe Flash Player') | CVE: CVE-2011-0611 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Mapping: Product match: 'flash' → THR-004

EXP-KEV-0981Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0222 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2022-02-25 | KEV due: 2022-08-25 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-0983Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zabbix' (in 'Zabbix Frontend') | CVE: CVE-2022-23131 | Zabbix Frontend | Zabbix Frontend Authentication Bypass Vulnerability | KEV added: 2022-02-22 | KEV due: 2022-03-08 | Mapping: Product match: 'saml' → THR-009

EXP-KEV-0984Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe commerce' (in 'Adobe Commerce and Magento Open Source') | CVE: CVE-2022-24086 | Adobe Commerce and Magento Open Source | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-03-01 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-0988Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'PHPUnit PHPUnit') | CVE: CVE-2017-9841 | PHPUnit PHPUnit | PHPUnit Command Injection Vulnerability | KEV added: 2022-02-15 | KEV due: 2022-08-15 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-0994Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'jenkins' (in 'Jenkins Jenkins Stapler Web Framework') | CVE: CVE-2018-1000861 | Jenkins Jenkins Stapler Web Framework | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-0995Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 1') | CVE: CVE-2017-9791 | Apache Struts 1 | Apache Struts 1 Improper Input Validation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1001Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache activemq' (in 'Apache ActiveMQ') | CVE: CVE-2016-3088 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | KEV added: 2022-02-10 | KEV due: 2022-08-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1007SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'grandstream' (in 'Grandstream UCM6200') | CVE: CVE-2020-5722 | Grandstream UCM6200 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1009Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-1776 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1010Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gnu' (in 'GNU Bourne-Again Shell (Bash)') | CVE: CVE-2014-6271 | GNU Bourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1011Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gnu' (in 'GNU Bourne-Again Shell (Bash)') | CVE: CVE-2014-7169 | GNU Bourne-Again Shell (Bash) | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1012Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 1') | CVE: CVE-2006-1547 | Apache Struts 1 | Apache Struts 1 ActionForm Denial-of-Service Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-07-21 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-1013Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts 2') | CVE: CVE-2012-0391 | Apache Struts 2 | Apache Struts 2 Improper Input Validation Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-07-21 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1015Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2021-35247 | SolarWinds Serv-U | SolarWinds Serv-U Improper Input Validation Vulnerability | KEV added: 2022-01-21 | KEV due: 2022-02-04 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1016Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'october cms' (in 'October CMS October CMS') | CVE: CVE-2021-32648 | October CMS October CMS | October CMS Improper Authentication | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1017Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nagios' (in 'Nagios Nagios XI') | CVE: CVE-2021-25296 | Nagios Nagios XI | Nagios XI OS Command Injection | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1018Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nagios' (in 'Nagios Nagios XI') | CVE: CVE-2021-25297 | Nagios Nagios XI | Nagios XI OS Command Injection | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1019Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nagios' (in 'Nagios Nagios XI') | CVE: CVE-2021-25298 | Nagios Nagios XI | Nagios XI OS Command Injection | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1020Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2021-33766 | Microsoft Exchange Server | Microsoft Exchange Server Information Disclosure | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1022Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'npm package' (in 'Npm package System Information Library for Node.JS') | CVE: CVE-2021-21315 | Npm package System Information Library for Node.JS | System Information Library for Node.JS Command Injection | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1023Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP Traffic Management Microkernel') | CVE: CVE-2021-22991 | F5 BIG-IP Traffic Management Microkernel | F5 BIG-IP Traffic Management Microkernel Buffer Overflow | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Mapping: CWE mapping: CWE-119 → THR-018

EXP-KEV-1024Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'intel' (in 'Oracle Intelligence Enterprise Edition') | CVE: CVE-2020-14864 | Oracle Intelligence Enterprise Edition | Oracle Business Intelligence Enterprise Edition Path Transversal | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1025Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'drupal' (in 'Drupal Drupal core') | CVE: CVE-2020-13671 | Drupal Drupal core | Drupal core Un-restricted Upload of File | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1026Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache airflow' (in 'Apache Airflow') | CVE: CVE-2020-11978 | Apache Airflow | Apache Airflow Command Injection | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1027Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache airflow' (in 'Apache Airflow's Experimental API') | CVE: CVE-2020-13927 | Apache Airflow's Experimental API | Apache Airflow's Experimental API Authentication Bypass | KEV added: 2022-01-18 | KEV due: 2022-07-18 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-1028Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hikvision' (in 'Hikvision Security cameras web server') | CVE: CVE-2021-36260 | Hikvision Security cameras web server | Hikvision Improper Input Validation | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1035Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'exim' (in 'Exim Mail Transfer Agent (MTA)') | CVE: CVE-2019-10149 | Exim Mail Transfer Agent (MTA) | Exim Mail Transfer Agent (MTA) Improper Input Validation | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1036Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM WebSphere Application Server and Server Hypervisor Edition') | CVE: CVE-2015-7450 | IBM WebSphere Application Server and Server Hypervisor Edition | IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1037Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'elastic' (in 'Elastic Kibana') | CVE: CVE-2019-7609 | Elastic Kibana | Kibana Arbitrary Code Execution | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1038Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fatpipe' (in 'FatPipe WARP, IPVPN, and MPVPN software') | CVE: CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN software | FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1042Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'realtek' (in 'Realtek Jungle Software Development Kit (SDK)') | CVE: CVE-2021-35394 | Realtek Jungle Software Development Kit (SDK) | Realtek Jungle SDK Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1043Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache solr' (in 'Apache Solr') | CVE: CVE-2019-0193 | Apache Solr | Apache Solr DataImportHandler Code Injection Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1045Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'embedthis' (in 'Embedthis GoAhead') | CVE: CVE-2017-17562 | Embedthis GoAhead | Embedthis GoAhead Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1047Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'red hat' (in 'Red Hat JBoss Seam 2') | CVE: CVE-2010-1871 | Red Hat JBoss Seam 2 | Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1048SQL Injection (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-059 — SQL Injection
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'fuel cms' (in 'Fuel CMS Fuel CMS') | CVE: CVE-2020-17463 | Fuel CMS Fuel CMS | Fuel CMS SQL Injection Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-89 → THR-059

EXP-KEV-1049Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'pi-hole' (in 'Pi-hole AdminLTE') | CVE: CVE-2020-8816 | Pi-hole AdminLTE | Pi-Hole AdminLTE Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1050Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mongodb' (in 'MongoDB mongo-express') | CVE: CVE-2019-10758 | MongoDB mongo-express | MongoDB mongo-express Remote Code Execution Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Mapping: Product match: 'mongodb' → THR-006

EXP-KEV-1052Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables') | CVE: CVE-2020-11261 | Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Multiple Chipsets Improper Input Validation Vulnerability | KEV added: 2021-12-01 | KEV due: 2022-06-01 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1053Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mikrotik' (in 'MikroTik RouterOS') | CVE: CVE-2018-14847 | MikroTik RouterOS | MikroTik Router OS Directory Traversal Vulnerability | KEV added: 2021-12-01 | KEV due: 2022-06-01 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1063Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2018-4939 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1064Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2018-15961 | Adobe ColdFusion | Adobe ColdFusion Unrestricted File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1068Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mediatek' (in 'MediaTek Multiple Chipsets') | CVE: CVE-2020-0069 | MediaTek Multiple Chipsets | Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1069Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2017-9805 | Apache Struts | Apache Struts Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1073Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache shiro' (in 'Apache Shiro') | CVE: CVE-2016-4437 | Apache Shiro | Apache Shiro Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-1074Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache solr' (in 'Apache Solr') | CVE: CVE-2019-17558 | Apache Solr | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-1075Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2020-17530 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'apache' → THR-006

EXP-KEV-1077Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'apache struts' (in 'Apache Struts') | CVE: CVE-2018-11776 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1101Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arcadyan' (in 'Arcadyan Buffalo Firmware') | CVE: CVE-2021-20090 | Arcadyan Buffalo Firmware | Arcadyan Buffalo Firmware Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1102Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm trusted firmware' (in 'Arm Trusted Firmware') | CVE: CVE-2021-27562 | Arm Trusted Firmware | Arm Trusted Firmware Out-of-Bounds Write Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1103Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-28664 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1104Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2021-28663 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1109Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)') | CVE: CVE-2020-3452 | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1111Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco HyperFlex HX') | CVE: CVE-2021-1497 | Cisco HyperFlex HX | Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1112Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco HyperFlex HX') | CVE: CVE-2021-1498 | Cisco HyperFlex HX | Cisco HyperFlex HX Data Platform Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1113Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS and IOS XE') | CVE: CVE-2018-0171 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1114External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3118 | Cisco IOS XR | Cisco IOS XR Software Discovery Protocol Format String Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-1115External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3566 | Cisco IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-1116External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco IOS XR') | CVE: CVE-2020-3569 | Cisco IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'cisco ios' → THR-005

EXP-KEV-1117Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Cisco IP Phones') | CVE: CVE-2020-3161 | Cisco Cisco IP Phones | Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1118External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV320 and RV325 Routers') | CVE: CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'vpn' → THR-005

EXP-KEV-1119Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Adaptive Security Appliance (ASA)') | CVE: CVE-2018-0296 | Cisco Adaptive Security Appliance (ASA) | Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1120External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8193 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'citrix adc' → THR-005

EXP-KEV-1121Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8195 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1122External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance') | CVE: CVE-2020-8196 | Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'citrix adc' → THR-005

EXP-KEV-1128Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'docker' (in 'Docker Desktop Community Edition') | CVE: CVE-2019-15752 | Docker Desktop Community Edition | Docker Desktop Community Edition Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'docker' → THR-006

EXP-KEV-1129Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'draytek' (in 'DrayTek Multiple Vigor Routers') | CVE: CVE-2020-8515 | DrayTek Multiple Vigor Routers | Multiple DrayTek Vigor Routers Web Management Page Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1133Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'eyesofnetwork' (in 'EyesOfNetwork EyesOfNetwork') | CVE: CVE-2020-8655 | EyesOfNetwork EyesOfNetwork | EyesOfNetwork Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-1141Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'freetype' (in 'Google Chrome FreeType') | CVE: CVE-2020-15999 | Google Chrome FreeType | Google Chrome FreeType Heap Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1162Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4430 | IBM Data Risk Manager | IBM Data Risk Manager Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1163Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4427 | IBM Data Risk Manager | IBM Data Risk Manager Security Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'saml' → THR-009

EXP-KEV-1164Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM Data Risk Manager') | CVE: CVE-2020-4428 | IBM Data Risk Manager | IBM Data Risk Manager Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1165Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ibm' (in 'IBM Planning Analytics') | CVE: CVE-2019-4716 | IBM Planning Analytics | IBM Planning Analytics Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1166Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3718 | ImageMagick ImageMagick | ImageMagick Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1167External Remote Services (T1133)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-005 — External Remote Services
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti MobileIron Multiple Products') | CVE: CVE-2020-15505 | Ivanti MobileIron Multiple Products | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'ivanti' → THR-005

EXP-KEV-1168Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'liferay' (in 'Liferay Liferay Portal') | CVE: CVE-2020-7961 | Liferay Liferay Portal | Liferay Portal Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1169Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'micro focus' (in 'Micro Focus Micro Focus Access Manager') | CVE: CVE-2021-22506 | Micro Focus Micro Focus Access Manager | Micro Focus Access Manager Information Leakage Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: Product match: 'saml' → THR-009

EXP-KEV-1170Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'micro focus' (in 'Micro Focus Operation Bridge Reporter (OBR)') | CVE: CVE-2021-22502 | Micro Focus Operation Bridge Reporter (OBR) | Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1183Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft exchange' (in 'Microsoft Exchange Server') | CVE: CVE-2020-17144 | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1197Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft hyper-v' (in 'Microsoft Hyper-V RemoteFX') | CVE: CVE-2020-1040 | Microsoft Hyper-V RemoteFX | Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1203Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2018-8653 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1208Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft mscomctl' (in 'Microsoft MSCOMCTL.OCX') | CVE: CVE-2012-0158 | Microsoft MSCOMCTL.OCX | Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1212Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-0674 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1216Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-1380 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1217Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-1429 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1219Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2020-0968 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1229Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'visual studio' (in 'Microsoft .NET Framework, SharePoint, Visual Studio') | CVE: CVE-2020-1147 | Microsoft .NET Framework, SharePoint, Visual Studio | Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'sharepoint' → THR-006

EXP-KEV-1234Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2020-6819 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1235Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2020-6820 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-1236Drive-By Compromise (T1189)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-004 — Drive-By Compromise
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mozilla' (in 'Mozilla Firefox and Thunderbird') | CVE: CVE-2019-17026 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Type Confusion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'firefox' → THR-004

EXP-KEV-1237Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nagios' (in 'Nagios Nagios XI') | CVE: CVE-2019-15949 | Nagios Nagios XI | Nagios XI Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1238Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netis' (in 'Netis WF2419 Devices') | CVE: CVE-2019-19356 | Netis WF2419 Devices | Netis WF2419 Devices Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1239Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Multiple Products') | CVE: CVE-2020-2555 | Oracle Multiple Products | Oracle Multiple Products Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1240Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Solaris and Zettabyte File System (ZFS)') | CVE: CVE-2020-14871 | Oracle Solaris and Zettabyte File System (ZFS) | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1241Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2015-4852 | Oracle WebLogic Server | Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1242Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'playsms' (in 'PlaySMS PlaySMS') | CVE: CVE-2020-8644 | PlaySMS PlaySMS | PlaySMS Server-Side Template Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1245Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2020-8243 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1246Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22900 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1247Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22894 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1248Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2020-8260 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1249Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ivanti' (in 'Ivanti Pulse Connect Secure') | CVE: CVE-2021-22899 | Ivanti Pulse Connect Secure | Ivanti Pulse Connect Secure Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-77 → THR-010

EXP-KEV-1252Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2021-1905 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-416 → THR-018

EXP-KEV-1253Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rconfig' (in 'rConfig rConfig') | CVE: CVE-2020-10221 | rConfig rConfig | rConfig OS Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1254Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'realtek' (in 'Realtek AP-Router SDK') | CVE: CVE-2021-35395 | Realtek AP-Router SDK | Realtek AP-Router SDK Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1255Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'saltstack' (in 'SaltStack Salt') | CVE: CVE-2020-11652 | SaltStack Salt | SaltStack Salt Path Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1256Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'saltstack' (in 'SaltStack Salt') | CVE: CVE-2020-16846 | SaltStack Salt | SaltStack Salt Shell Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1258Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-3976 | SAP NetWeaver | SAP NetWeaver Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1265Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sumavision' (in 'Sumavision Enhanced Multimedia Router (EMR)') | CVE: CVE-2020-10181 | Sumavision Enhanced Multimedia Router (EMR) | Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-352 → THR-006

EXP-KEV-1266Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'symantec' (in 'Symantec Symantec Messaging Gateway') | CVE: CVE-2017-6327 | Symantec Symantec Messaging Gateway | Symantec Messaging Gateway Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1267Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC11 Router') | CVE: CVE-2021-31755 | Tenda AC11 Router | Tenda AC11 Router Stack Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-787 → THR-018

EXP-KEV-1268Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC1900 Router AC15 Model') | CVE: CVE-2020-10987 | Tenda AC1900 Router AC15 Model | Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1269Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tenda' (in 'Tenda AC7, AC9, and AC10 Routers') | CVE: CVE-2018-14558 | Tenda AC7, AC9, and AC10 Routers | Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1270Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'ThinkPHP noneCms') | CVE: CVE-2018-20062 | ThinkPHP noneCms | ThinkPHP "noneCms" Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1271Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'php' (in 'ThinkPHP ThinkPHP') | CVE: CVE-2019-9082 | ThinkPHP ThinkPHP | ThinkPHP Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1272Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro OfficeScan') | CVE: CVE-2019-18187 | Trend Micro OfficeScan | Trend Micro OfficeScan Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1273User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and OfficeScan') | CVE: CVE-2020-8467 | Trend Micro Apex One and OfficeScan | Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1274User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents') | CVE: CVE-2020-8468 | Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents | Trend Micro Multiple Products Content Validation Escape Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1275User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, OfficeScan, and Worry-Free Business Security') | CVE: CVE-2020-24557 | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security | Trend Micro Multiple Products Improper Access Control Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1276User Execution (T1204)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-012 — User Execution
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and OfficeScan') | CVE: CVE-2020-8599 | Trend Micro Apex One and OfficeScan | Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'office' → THR-012

EXP-KEV-1277Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security') | CVE: CVE-2021-36742 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security | Trend Micro Multiple Products Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-20 → THR-006

EXP-KEV-1278Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security') | CVE: CVE-2021-36741 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security | Trend Micro Multiple Products Improper Input Validation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1279Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tvt nvms' (in 'TVT NVMS-1000') | CVE: CVE-2019-20085 | TVT NVMS-1000 | TVT NVMS-1000 Directory Traversal Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1280Valid Accounts (Credential Reuse) (T1078)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-009 — Valid Accounts (Credential Reuse)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'unraid' (in 'Unraid Unraid') | CVE: CVE-2020-5849 | Unraid Unraid | Unraid Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-287 → THR-009

EXP-KEV-1281Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'unraid' (in 'Unraid Unraid') | CVE: CVE-2020-5847 | Unraid Unraid | Unraid Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'php' → THR-006

EXP-KEV-1282Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vbulletin' (in 'vBulletin vBulletin') | CVE: CVE-2019-16759 | vBulletin vBulletin | vBulletin PHP Module Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-94 → THR-010

EXP-KEV-1283Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vbulletin' (in 'vBulletin vBulletin') | CVE: CVE-2020-17496 | vBulletin vBulletin | vBulletin PHP Module Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: Product match: 'php' → THR-006

EXP-KEV-1286Exploitation for Privilege Escalation (T1068)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-018 — Exploitation for Privilege Escalation
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2020-3950 | VMware Multiple Products | VMware Multiple Products Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-269 → THR-018

EXP-KEV-1288Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2020-4006 | VMware Multiple Products | Multiple VMware Products Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1289Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress File Manager Plugin') | CVE: CVE-2020-25213 | WordPress File Manager Plugin | WordPress File Manager Plugin Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1290Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress Snap Creek Duplicator Plugin') | CVE: CVE-2020-11738 | WordPress Snap Creek Duplicator Plugin | WordPress Snap Creek Duplicator Plugin File Download Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-22 → THR-006

EXP-KEV-1291Cross-Site Scripting (XSS) (T1190 (Web))HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-060 — Cross-Site Scripting (XSS)
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wordpress' (in 'WordPress Social Warfare Plugin') | CVE: CVE-2019-9978 | WordPress Social Warfare Plugin | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-79 → THR-060

EXP-KEV-1292Command and Scripting Interpreter (T1059)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-010 — Command and Scripting Interpreter
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'yealink' (in 'Yealink Device Management') | CVE: CVE-2021-27561 | Yealink Device Management | Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Mapping: CWE mapping: CWE-78 → THR-010

EXP-KEV-1293Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2020-10189 | Zoho ManageEngine | Zoho ManageEngine Desktop Central File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-502 → THR-006

EXP-KEV-1294Web Shell (T1505.003)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-017 — Web Shell
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine') | CVE: CVE-2019-8394 | Zoho ManageEngine | Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Mapping: CWE mapping: CWE-434 → THR-017

EXP-KEV-1296Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arista' (in 'Arista Extensible Operating System') | CVE: CVE-2026-7473 | Arista Extensible Operating System | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability | KEV added: 2026-06-09 | KEV due: 2026-06-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1297Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability | KEV added: 2026-06-09 | KEV due: 2026-06-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1298Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Serv-U') | CVE: CVE-2026-28318 | SolarWinds Serv-U | SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability | KEV added: 2026-06-05 | KEV due: 2026-06-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1299Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2024-21182 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2026-06-01 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1302Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'daemon tools' (in 'Daemon Daemon Tools Lite') | CVE: CVE-2026-8398 | Daemon Daemon Tools Lite | Daemon Tools Lite Embedded Malicious Code Vulnerability | KEV added: 2026-05-27 | KEV due: 2026-05-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1303Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'litespeed' (in 'LiteSpeed cPanel Plugin') | CVE: CVE-2026-48172 | LiteSpeed cPanel Plugin | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | KEV added: 2026-05-26 | KEV due: 2026-05-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1304Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'langflow' (in 'Langflow Langflow') | CVE: CVE-2025-34291 | Langflow Langflow | Langflow Origin Validation Error Vulnerability | KEV added: 2026-05-21 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1305Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One') | CVE: CVE-2026-34926 | Trend Micro Apex One | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | KEV added: 2026-05-21 | KEV due: 2026-06-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1307Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-0806 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2026-05-20 | KEV due: 2026-06-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1310Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'marimo' (in 'Marimo Marimo') | CVE: CVE-2026-39987 | Marimo Marimo | Marimo Remote Code Execution Vulnerability | KEV added: 2026-04-23 | KEV due: 2026-05-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1312Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manger') | CVE: CVE-2026-20122 | Cisco Catalyst SD-WAN Manger | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1313Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20133 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1314Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Catalyst SD-WAN Manager') | CVE: CVE-2026-20128 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability | KEV added: 2026-04-20 | KEV due: 2026-04-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1318Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trueconf' (in 'TrueConf Client') | CVE: CVE-2026-3502 | TrueConf Client | TrueConf Client Download of Code Without Integrity Check Vulnerability | KEV added: 2026-04-02 | KEV due: 2026-04-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1319Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'f5' (in 'F5 BIG-IP') | CVE: CVE-2025-53521 | F5 BIG-IP | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | KEV added: 2026-03-27 | KEV due: 2026-03-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1320Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'aquasecurity' (in 'Aquasecurity Trivy') | CVE: CVE-2026-33634 | Aquasecurity Trivy | Aquasecurity Trivy Embedded Malicious Code Vulnerability | KEV added: 2026-03-26 | KEV due: 2026-04-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1321Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wing' (in 'Wing FTP Server Wing FTP Server') | CVE: CVE-2025-47813 | Wing FTP Server Wing FTP Server | Wing FTP Server Information Disclosure Vulnerability | KEV added: 2026-03-16 | KEV due: 2026-03-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1322Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'n8n' (in 'n8n n8n') | CVE: CVE-2025-68613 | n8n n8n | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | KEV added: 2026-03-11 | KEV due: 2026-03-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1323Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rockwell' (in 'Rockwell Multiple Products') | CVE: CVE-2021-22681 | Rockwell Multiple Products | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | KEV added: 2026-03-05 | KEV due: 2026-03-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1324Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2026-21385 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Memory Corruption Vulnerability | KEV added: 2026-03-03 | KEV due: 2026-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1325Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco SD-WAN') | CVE: CVE-2022-20775 | Cisco SD-WAN | Cisco SD-WAN Path Traversal Vulnerability | KEV added: 2026-02-25 | KEV due: 2026-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1326Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dell' (in 'Dell RecoverPoint for Virtual Machines (RP4VMs)') | CVE: CVE-2026-22769 | Dell RecoverPoint for Virtual Machines (RP4VMs) | Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | KEV added: 2026-02-18 | KEV due: 2026-02-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1327Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'notepad++' (in 'Notepad++ Notepad++') | CVE: CVE-2025-15556 | Notepad++ Notepad++ | Notepad++ Download of Code Without Integrity Check Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-03-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1328Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2025-40536 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Security Control Bypass Vulnerability | KEV added: 2026-02-12 | KEV due: 2026-02-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1331Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gnu' (in 'GNU InetUtils') | CVE: CVE-2026-24061 | GNU InetUtils | GNU InetUtils Argument Injection Vulnerability | KEV added: 2026-01-26 | KEV due: 2026-02-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1332Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'versa' (in 'Versa Concerto') | CVE: CVE-2025-34026 | Versa Concerto | Versa Concerto Improper Authentication Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1333Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vitejs' (in 'Vite Vitejs') | CVE: CVE-2025-31125 | Vite Vitejs | Vite Vitejs Improper Access Control Vulnerability | KEV added: 2026-01-22 | KEV due: 2026-02-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1334Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'asus' (in 'ASUS Live Update') | CVE: CVE-2025-59374 | ASUS Live Update | ASUS Live Update Embedded Malicious Code Vulnerability | KEV added: 2025-12-17 | KEV due: 2026-01-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1335Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack and Triofox') | CVE: CVE-2025-14611 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability | KEV added: 2025-12-15 | KEV due: 2026-01-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1336Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'osgeo' (in 'OSGeo GeoServer') | CVE: CVE-2025-58360 | OSGeo GeoServer | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-12-11 | KEV due: 2026-01-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1339Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2025-61757 | Oracle Fusion Middleware | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | KEV added: 2025-11-21 | KEV due: 2025-12-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1341Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet Triofox') | CVE: CVE-2025-12480 | Gladinet Triofox | Gladinet Triofox Improper Access Control Vulnerability | KEV added: 2025-11-12 | KEV due: 2025-12-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1342Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack and Triofox') | CVE: CVE-2025-11371 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability | KEV added: 2025-11-04 | KEV due: 2025-11-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1343Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'broadcom' (in 'Broadcom VMware Aria Operations and VMware Tools') | CVE: CVE-2025-41244 | Broadcom VMware Aria Operations and VMware Tools | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | KEV added: 2025-10-30 | KEV due: 2025-11-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1344Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'xwiki' (in 'XWiki Platform') | CVE: CVE-2025-24893 | XWiki Platform | XWiki Platform Eval Injection Vulnerability | KEV added: 2025-10-30 | KEV due: 2025-11-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1345Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'motex' (in 'Motex LANSCOPE Endpoint Manager') | CVE: CVE-2025-61932 | Motex LANSCOPE Endpoint Manager | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | KEV added: 2025-10-22 | KEV due: 2025-11-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1346Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience CMS') | CVE: CVE-2025-2746 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1347Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'kentico' (in 'Kentico Xperience CMS') | CVE: CVE-2025-2747 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | KEV added: 2025-10-20 | KEV due: 2025-11-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1348Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe experience manager' (in 'Adobe Experience Manager (AEM) Forms') | CVE: CVE-2025-54253 | Adobe Experience Manager (AEM) Forms | Adobe Experience Manager Forms Code Execution Vulnerability | KEV added: 2025-10-15 | KEV due: 2025-11-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1349Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2010-3962 | Microsoft Internet Explorer | Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | KEV added: 2025-10-06 | KEV due: 2025-10-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1351Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sudo' (in 'Sudo Sudo') | CVE: CVE-2025-32463 | Sudo Sudo | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | KEV added: 2025-09-29 | KEV due: 2025-10-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1353Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link TL-WR841N') | CVE: CVE-2023-50224 | TP-Link TL-WR841N | TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability | KEV added: 2025-09-03 | KEV due: 2025-09-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1354Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tp-link' (in 'TP-Link TL-WA855RE') | CVE: CVE-2020-24363 | TP-Link TL-WA855RE | TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability | KEV added: 2025-09-02 | KEV due: 2025-09-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1355Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'git git' (in 'Git Git') | CVE: CVE-2025-48384 | Git Git | Git Link Following Vulnerability | KEV added: 2025-08-25 | KEV due: 2025-09-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1356Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'n-able' (in 'N-able N-Central') | CVE: CVE-2025-8876 | N-able N-Central | N-able N-Central Command Injection Vulnerability | KEV added: 2025-08-13 | KEV due: 2025-08-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1357Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'n-able' (in 'N-able N-Central') | CVE: CVE-2025-8875 | N-able N-Central | N-able N-Central Insecure Deserialization Vulnerability | KEV added: 2025-08-13 | KEV due: 2025-08-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1358Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3893 | Microsoft Internet Explorer | Microsoft Internet Explorer Resource Management Errors Vulnerability | KEV added: 2025-08-12 | KEV due: 2025-09-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1361Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Identity Services Engine') | CVE: CVE-2025-20337 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1362Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Identity Services Engine') | CVE: CVE-2025-20281 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | KEV added: 2025-07-28 | KEV due: 2025-08-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1363Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid On-Prem') | CVE: CVE-2025-2775 | SysAid SysAid On-Prem | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1364Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sysaid' (in 'SysAid SysAid On-Prem') | CVE: CVE-2025-2776 | SysAid SysAid On-Prem | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1365Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2025-54309 | CrushFTP CrushFTP | CrushFTP Unprotected Alternate Channel Vulnerability | KEV added: 2025-07-22 | KEV due: 2025-08-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1366Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'wing' (in 'Wing FTP Server Wing FTP Server') | CVE: CVE-2025-47812 | Wing FTP Server Wing FTP Server | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | KEV added: 2025-07-14 | KEV due: 2025-08-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1367Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-48928 | TeleMessage TM SGNL | TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability | KEV added: 2025-07-01 | KEV due: 2025-07-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1368Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ami megarac' (in 'AMI MegaRAC SPx') | CVE: CVE-2024-54085 | AMI MegaRAC SPx | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | KEV added: 2025-06-25 | KEV due: 2025-07-16 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1369Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'erlang' (in 'Erlang Erlang/OTP') | CVE: CVE-2025-32433 | Erlang Erlang/OTP | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability | KEV added: 2025-06-09 | KEV due: 2025-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1370Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'telemessage' (in 'TeleMessage TM SGNL') | CVE: CVE-2025-47729 | TeleMessage TM SGNL | TeleMessage TM SGNL Hidden Functionality Vulnerability | KEV added: 2025-05-12 | KEV due: 2025-06-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1371Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'langflow' (in 'Langflow Langflow') | CVE: CVE-2025-3248 | Langflow Langflow | Langflow Missing Authentication Vulnerability | KEV added: 2025-05-05 | KEV due: 2025-05-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1372Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'yiiframework' (in 'Yiiframework Yii') | CVE: CVE-2024-58136 | Yiiframework Yii | Yiiframework Yii Improper Protection of Alternate Path Vulnerability | KEV added: 2025-05-02 | KEV due: 2025-05-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1373Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualitia' (in 'Qualitia Active! Mail') | CVE: CVE-2025-42599 | Qualitia Active! Mail | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | KEV added: 2025-04-28 | KEV due: 2025-05-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1374Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gladinet' (in 'Gladinet CentreStack') | CVE: CVE-2025-30406 | Gladinet CentreStack | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | KEV added: 2025-04-08 | KEV due: 2025-04-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1376Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Smart Licensing Utility') | CVE: CVE-2024-20439 | Cisco Smart Licensing Utility | Cisco Smart Licensing Utility Static Credential Vulnerability | KEV added: 2025-03-31 | KEV due: 2025-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1377Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'reviewdog' (in 'reviewdog action-setup GitHub Action') | CVE: CVE-2025-30154 | reviewdog action-setup GitHub Action | reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability | KEV added: 2025-03-24 | KEV due: 2025-04-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1378Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nakivo' (in 'NAKIVO Backup and Replication') | CVE: CVE-2024-48248 | NAKIVO Backup and Replication | NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | KEV added: 2025-03-19 | KEV due: 2025-04-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1379Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'tj-actions' (in 'tj-actions changed-files GitHub Action') | CVE: CVE-2025-30066 | tj-actions changed-files GitHub Action | tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability | KEV added: 2025-03-18 | KEV due: 2025-04-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1380Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'juniper' (in 'Juniper Junos OS') | CVE: CVE-2025-21590 | Juniper Junos OS | Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability | KEV added: 2025-03-13 | KEV due: 2025-04-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1382Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware ESXi and Workstation') | CVE: CVE-2025-22224 | VMware ESXi and Workstation | VMware ESXi and Workstation TOCTOU Race Condition Vulnerability | KEV added: 2025-03-04 | KEV due: 2025-03-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1383Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hitachi' (in 'Hitachi Vantara Pentaho Business Analytics (BA) Server') | CVE: CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | KEV added: 2025-03-03 | KEV due: 2025-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1384Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft power pages' (in 'Microsoft Power Pages') | CVE: CVE-2025-24989 | Microsoft Power Pages | Microsoft Power Pages Improper Access Control Vulnerability | KEV added: 2025-02-21 | KEV due: 2025-03-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1385Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel SIP Phones') | CVE: CVE-2024-41710 | Mitel SIP Phones | Mitel SIP Phones Argument Injection Vulnerability | KEV added: 2025-02-12 | KEV due: 2025-03-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1386Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos XG Firewall') | CVE: CVE-2020-15069 | Sophos XG Firewall | Sophos XG Firewall Buffer Overflow Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1387Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'audinate' (in 'Audinate Dante Discovery') | CVE: CVE-2022-23748 | Audinate Dante Discovery | Dante Discovery Process Control Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1388Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched '7-zip' (in '7-Zip 7-Zip') | CVE: CVE-2025-0411 | 7-Zip 7-Zip | 7-Zip Mark of the Web Bypass Vulnerability | KEV added: 2025-02-06 | KEV due: 2025-02-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1389Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'paessler' (in 'Paessler PRTG Network Monitor') | CVE: CVE-2018-19410 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor Local File Inclusion Vulnerability | KEV added: 2025-02-04 | KEV due: 2025-02-25 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1392Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-2883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2025-01-07 | KEV due: 2025-01-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1393Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'acclaim' (in 'Acclaim Systems USAHERDS') | CVE: CVE-2021-44207 | Acclaim Systems USAHERDS | Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability | KEV added: 2024-12-23 | KEV due: 2025-01-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1394Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'nuuo' (in 'NUUO NVRmini2 Devices') | CVE: CVE-2022-23227 | NUUO NVRmini2 Devices | NUUO NVRmini2 Devices Missing Authentication Vulnerability | KEV added: 2024-12-18 | KEV due: 2025-01-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1395Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2024-20767 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2024-12-16 | KEV due: 2025-01-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1397Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'north grid' (in 'North Grid Proself') | CVE: CVE-2023-45727 | North Grid Proself | North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability | KEV added: 2024-12-03 | KEV due: 2024-12-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1398Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2024-38813 | VMware vCenter Server | VMware vCenter Server Privilege Escalation Vulnerability | KEV added: 2024-11-20 | KEV due: 2024-12-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1399Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2024-38812 | VMware vCenter Server | VMware vCenter Server Heap-Based Buffer Overflow Vulnerability | KEV added: 2024-11-20 | KEV due: 2024-12-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1400Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'meta' (in 'Metabase Metabase') | CVE: CVE-2021-41277 | Metabase Metabase | Metabase GeoJSON API Local File Inclusion Vulnerability | KEV added: 2024-11-12 | KEV due: 2024-12-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1402Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sciencelogic' (in 'ScienceLogic SL1') | CVE: CVE-2024-9537 | ScienceLogic SL1 | ScienceLogic SL1 Unspecified Vulnerability | KEV added: 2024-10-21 | KEV due: 2024-11-11 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1403Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Web Help Desk') | CVE: CVE-2024-28987 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV added: 2024-10-15 | KEV due: 2024-11-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1404Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2024-45519 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability | KEV added: 2024-10-03 | KEV due: 2024-10-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1405Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14644 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2024-09-18 | KEV due: 2024-10-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1407Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'acronis' (in 'Acronis Cyber Infrastructure (ACI)') | CVE: CVE-2023-45249 | Acronis Cyber Infrastructure (ACI) | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1408Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'servicenow' (in 'ServiceNow Utah, Vancouver, and Washington DC Now Platform') | CVE: CVE-2024-5217 | ServiceNow Utah, Vancouver, and Washington DC Now Platform | ServiceNow Incomplete List of Disallowed Inputs Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1409Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'servicenow' (in 'ServiceNow Utah, Vancouver, and Washington DC Now Platform') | CVE: CVE-2024-4879 | ServiceNow Utah, Vancouver, and Washington DC Now Platform | ServiceNow Improper Input Validation Vulnerability | KEV added: 2024-07-29 | KEV due: 2024-08-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1410Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'twilio' (in 'Twilio Authy') | CVE: CVE-2024-39891 | Twilio Authy | Twilio Authy Information Disclosure Vulnerability | KEV added: 2024-07-23 | KEV due: 2024-08-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1411Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2022-22948 | VMware vCenter Server | VMware vCenter Server Incorrect Default File Permissions Vulnerability | KEV added: 2024-07-17 | KEV due: 2024-08-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1412Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'osgeo' (in 'OSGeo GeoServer') | CVE: CVE-2024-36401 | OSGeo GeoServer | OSGeo GeoServer GeoTools Eval Injection Vulnerability | KEV added: 2024-07-15 | KEV due: 2024-08-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1413Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'rejetto' (in 'Rejetto HTTP File Server') | CVE: CVE-2024-23692 | Rejetto HTTP File Server | Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability | KEV added: 2024-07-09 | KEV due: 2024-07-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1414Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Webmail') | CVE: CVE-2020-13965 | Roundcube Webmail | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV added: 2024-06-26 | KEV due: 2024-07-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1415Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress Telerik Report Server') | CVE: CVE-2024-4358 | Progress Telerik Report Server | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | KEV added: 2024-06-13 | KEV due: 2024-07-04 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1416Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'justice av' (in 'Justice AV Solutions Viewer') | CVE: CVE-2024-4978 | Justice AV Solutions Viewer | Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability | KEV added: 2024-05-29 | KEV due: 2024-06-19 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1420Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'crushftp' (in 'CrushFTP CrushFTP') | CVE: CVE-2024-4040 | CrushFTP CrushFTP | CrushFTP VFS Sandbox Escape Vulnerability | KEV added: 2024-04-24 | KEV due: 2024-05-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1425Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'spreadsheet::parseexcel' (in 'Spreadsheet::ParseExcel Spreadsheet::ParseExcel') | CVE: CVE-2023-7101 | Spreadsheet::ParseExcel Spreadsheet::ParseExcel | Spreadsheet::ParseExcel Remote Code Execution Vulnerability | KEV added: 2024-01-02 | KEV due: 2024-01-23 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1426Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'unitronics' (in 'Unitronics Vision PLC and HMI') | CVE: CVE-2023-6448 | Unitronics Vision PLC and HMI | Unitronics Vision PLC and HMI Insecure Default Password Vulnerability | KEV added: 2023-12-11 | KEV due: 2023-12-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1428Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2023-33106 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability | KEV added: 2023-12-05 | KEV due: 2023-12-26 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1429Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'gnu' (in 'GNU GNU C Library') | CVE: CVE-2023-4911 | GNU GNU C Library | GNU C Library Buffer Overflow Vulnerability | KEV added: 2023-11-21 | KEV due: 2023-12-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1430Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2020-2551 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2023-11-16 | KEV due: 2023-12-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1431Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ietf' (in 'IETF Service Location Protocol (SLP)') | CVE: CVE-2023-29552 | IETF Service Location Protocol (SLP) | Service Location Protocol (SLP) Denial-of-Service Vulnerability | KEV added: 2023-11-08 | KEV due: 2023-11-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1433Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'ietf' (in 'IETF HTTP/2') | CVE: CVE-2023-44487 | IETF HTTP/2 | HTTP/2 Rapid Reset Attack Vulnerability | KEV added: 2023-10-10 | KEV due: 2023-10-31 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1435Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and Worry-Free Business Security') | CVE: CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security | Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability | KEV added: 2023-09-21 | KEV due: 2023-10-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1436Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2022-22265 | Samsung Mobile Devices | Samsung Mobile Devices Use-After-Free Vulnerability | KEV added: 2023-09-18 | KEV due: 2023-10-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1440Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'citrix' (in 'Citrix Content Collaboration') | CVE: CVE-2023-24489 | Citrix Content Collaboration | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability | KEV added: 2023-08-16 | KEV due: 2023-09-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1441Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'visual studio' (in 'Microsoft .NET Core and Visual Studio') | CVE: CVE-2023-38180 | Microsoft .NET Core and Visual Studio | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability | KEV added: 2023-08-09 | KEV due: 2023-08-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1442Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-29298 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2023-07-20 | KEV due: 2023-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1443Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-38205 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | KEV added: 2023-07-20 | KEV due: 2023-08-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1444Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25395 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1445Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25371 | Samsung Mobile Devices | Samsung Mobile Devices Unspecified Vulnerability | KEV added: 2023-06-29 | KEV due: 2023-07-20 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1447Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE and JRockit') | CVE: CVE-2016-3427 | Oracle Java SE and JRockit | Oracle Java SE and JRockit Unspecified Vulnerability | KEV added: 2023-05-12 | KEV due: 2023-06-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1448Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2023-21839 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2023-05-01 | KEV due: 2023-05-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1449Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'minio' (in 'MinIO MinIO') | CVE: CVE-2023-28432 | MinIO MinIO | MinIO Information Disclosure Vulnerability | KEV added: 2023-04-21 | KEV due: 2023-05-12 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1451Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'arm mali' (in 'Arm Mali Graphics Processing Unit (GPU)') | CVE: CVE-2023-26083 | Arm Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Information Disclosure Vulnerability | KEV added: 2023-04-07 | KEV due: 2023-04-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1452Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2023-26360 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | KEV added: 2023-03-15 | KEV due: 2023-04-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1453Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'teclib' (in 'Teclib GLPI') | CVE: CVE-2022-35914 | Teclib GLPI | Teclib GLPI Remote Code Execution Vulnerability | KEV added: 2023-03-07 | KEV due: 2023-03-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1455Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cacti' (in 'Cacti Cacti') | CVE: CVE-2022-46169 | Cacti Cacti | Cacti Command Injection Vulnerability | KEV added: 2023-02-16 | KEV due: 2023-03-09 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1459Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'samsung' (in 'Samsung Mobile Devices') | CVE: CVE-2021-25369 | Samsung Mobile Devices | Samsung Mobile Devices Improper Access Control Vulnerability | KEV added: 2022-11-08 | KEV due: 2022-11-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1464Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex One and Apex One as a Service') | CVE: CVE-2022-40139 | Trend Micro Apex One and Apex One as a Service | Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability | KEV added: 2022-09-15 | KEV due: 2022-10-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1466Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR Multiple Devices') | CVE: CVE-2017-5521 | NETGEAR Multiple Devices | NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability | KEV added: 2022-09-08 | KEV due: 2022-09-29 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1468Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP Multiple Products') | CVE: CVE-2022-22536 | SAP Multiple Products | SAP Multiple Products HTTP Request Smuggling Vulnerability | KEV added: 2022-08-18 | KEV due: 2022-09-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1471Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2021-38163 | SAP NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability | KEV added: 2022-06-09 | KEV due: 2022-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1472Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-2388 | SAP NetWeaver | SAP NetWeaver Information Disclosure Vulnerability | KEV added: 2022-06-09 | KEV due: 2022-06-30 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1474Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2012-4969 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-06-08 | KEV due: 2022-06-22 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1478Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Solaris') | CVE: CVE-2019-3010 | Oracle Solaris | Oracle Solaris Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1479Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2015-0071 | Microsoft Internet Explorer | Microsoft Internet Explorer ASLR Bypass Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1480Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-4123 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1481Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2014-2817 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1482Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-7331 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1484Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2013-2423 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1489Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java Runtime Environment (JRE)') | CVE: CVE-2010-0840 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | KEV added: 2022-05-25 | KEV due: 2022-06-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1491Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0210 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1492Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'artifex' (in 'Artifex Ghostscript') | CVE: CVE-2017-8291 | Artifex Ghostscript | Artifex Ghostscript Type Confusion Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1493Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-0162 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1494Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2016-3298 | Microsoft Internet Explorer | Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability | KEV added: 2022-05-24 | KEV due: 2022-06-14 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1496Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2019-0676 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-05-23 | KEV due: 2022-06-13 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1503Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'meta' (in 'Meta Platforms WhatsApp') | CVE: CVE-2019-3568 | Meta Platforms WhatsApp | WhatsApp VOIP Stack Buffer Overflow Vulnerability | KEV added: 2022-04-19 | KEV due: 2022-05-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1504Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware Multiple Products') | CVE: CVE-2022-22960 | VMware Multiple Products | VMware Multiple Products Privilege Escalation Vulnerability | KEV added: 2022-04-15 | KEV due: 2022-05-06 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1505Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox and XTM') | CVE: CVE-2022-23176 | WatchGuard Firebox and XTM | WatchGuard Firebox and XTM Privilege Escalation Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1506Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'telerik' (in 'Telerik User Interface (UI) for ASP.NET AJAX') | CVE: CVE-2017-11317 | Telerik User Interface (UI) for ASP.NET AJAX | Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability | KEV added: 2022-04-11 | KEV due: 2022-05-02 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1507Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sudo' (in 'Sudo Sudo') | CVE: CVE-2021-3156 | Sudo Sudo | Sudo Heap-Based Buffer Overflow Vulnerability | KEV added: 2022-04-06 | KEV due: 2022-04-27 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1508Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'trend micro' (in 'Trend Micro Apex Central') | CVE: CVE-2022-26871 | Trend Micro Apex Central | Trend Micro Apex Central Arbitrary File Upload Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1509Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sophos' (in 'Sophos Firewall') | CVE: CVE-2022-1040 | Sophos Firewall | Sophos Firewall Authentication Bypass Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1511Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dell' (in 'Dell dbutil Driver') | CVE: CVE-2021-21551 | Dell dbutil Driver | Dell dbutil Driver Insufficient Access Control Vulnerability | KEV added: 2022-03-31 | KEV due: 2022-04-21 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1514Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2017-0059 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1517Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2012-5076 | Oracle Java SE | Oracle Java SE Sandbox Bypass Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1519Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-0518 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2022-03-28 | KEV due: 2022-04-18 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1520Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'watchguard' (in 'WatchGuard Firebox and XTM Appliances') | CVE: CVE-2022-26318 | WatchGuard Firebox and XTM Appliances | WatchGuard Firebox and XTM Appliances Arbitrary Code Execution | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1521Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mitel' (in 'Mitel MiCollab, MiVoice Business Express') | CVE: CVE-2022-26143 | Mitel MiCollab, MiVoice Business Express | MiCollab, MiVoice Business Express Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1523Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qnap' (in 'QNAP Systems Helpdesk') | CVE: CVE-2020-2506 | QNAP Systems Helpdesk | QNAP Helpdesk Improper Access Control Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1524Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle BI Publisher (Formerly XML Publisher)') | CVE: CVE-2019-2616 | Oracle BI Publisher (Formerly XML Publisher) | Oracle BI Publisher Unauthorized Access Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1525Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'elastic' (in 'Elastic Elasticsearch') | CVE: CVE-2015-1427 | Elastic Elasticsearch | Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1526Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'elastic' (in 'Elastic Elasticsearch') | CVE: CVE-2014-3120 | Elastic Elasticsearch | Elasticsearch Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1527Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'exim' (in 'Exim Exim') | CVE: CVE-2010-4345 | Exim Exim | Exim Privilege Escalation Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1528Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'hewlett' (in 'Hewlett Packard (HP) OpenView Network Node Manager') | CVE: CVE-2005-2773 | Hewlett Packard (HP) OpenView Network Node Manager | HP OpenView Network Node Manager Remote Code Execution Vulnerability | KEV added: 2022-03-25 | KEV due: 2022-04-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1529Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonicwall' (in 'SonicWall SonicOS') | CVE: CVE-2020-5135 | SonicWall SonicOS | SonicWall SonicOS Buffer Overflow Vulnerability | KEV added: 2022-03-15 | KEV due: 2022-04-05 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1531Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0631 | Adobe ColdFusion | Adobe ColdFusion Information Disclosure Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1532Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0629 | Adobe ColdFusion | Adobe ColdFusion Directory Traversal Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1533Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0625 | Adobe ColdFusion | Adobe ColdFusion Authentication Bypass Vulnerability | KEV added: 2022-03-07 | KEV due: 2022-09-07 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1535Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20708 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1536Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20703 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1537Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20701 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1538Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20700 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1539Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'cisco' (in 'Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers') | CVE: CVE-2022-20699 | Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1541Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'chakracore' (in 'ChakraCore ChakraCore scripting engine') | CVE: CVE-2018-8298 | ChakraCore ChakraCore scripting engine | ChakraCore Scripting Engine Type Confusion Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1542Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2015-4902 | Oracle Java SE | Oracle Java SE Integrity Check Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1543Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE') | CVE: CVE-2015-2590 | Oracle Java SE | Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1545Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2013-3897 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1547Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'adobe coldfusion' (in 'Adobe ColdFusion') | CVE: CVE-2013-0632 | Adobe ColdFusion | Adobe ColdFusion Authentication Bypass Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1551Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Java SE JDK and JRE') | CVE: CVE-2011-3544 | Oracle Java SE JDK and JRE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1552Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle VirtualBox') | CVE: CVE-2008-3431 | Oracle VirtualBox | Oracle VirtualBox Insufficient Input Validation Vulnerability | KEV added: 2022-03-03 | KEV due: 2022-03-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1553Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zabbix' (in 'Zabbix Frontend') | CVE: CVE-2022-23134 | Zabbix Frontend | Zabbix Frontend Improper Access Control Vulnerability | KEV added: 2022-02-22 | KEV due: 2022-03-08 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1559Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'intel' (in 'Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability') | CVE: CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | KEV added: 2022-01-28 | KEV due: 2022-07-28 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1560Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'aviatrix' (in 'Aviatrix Aviatrix Controller') | CVE: CVE-2021-40870 | Aviatrix Aviatrix Controller | Aviatrix Controller Unrestricted Upload of File | KEV added: 2022-01-18 | KEV due: 2022-02-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1561Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2021-22017 | VMware vCenter Server | VMware vCenter Server Improper Access Control | KEV added: 2022-01-10 | KEV due: 2022-01-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1563Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'synacor' (in 'Synacor Zimbra Collaboration Suite (ZCS)') | CVE: CVE-2019-9670 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1564Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'primetek' (in 'Primetek Primefaces Application') | CVE: CVE-2017-1000486 | Primetek Primefaces Application | Primetek Primefaces Remote Code Execution Vulnerability | KEV added: 2022-01-10 | KEV due: 2022-07-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1565Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho Desktop Central') | CVE: CVE-2021-44515 | Zoho Desktop Central | Zoho Desktop Central Authentication Bypass Vulnerability | KEV added: 2021-12-10 | KEV due: 2021-12-24 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1566Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonatype' (in 'Sonatype Nexus Repository Manager') | CVE: CVE-2019-7238 | Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability | KEV added: 2021-12-10 | KEV due: 2022-06-10 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1567Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine ServiceDesk Plus (SDP)') | CVE: CVE-2021-37415 | Zoho ManageEngine ServiceDesk Plus (SDP) | Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability | KEV added: 2021-12-01 | KEV due: 2021-12-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1568Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zoho' (in 'Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus') | CVE: CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus | Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability | KEV added: 2021-12-01 | KEV due: 2021-12-15 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1569Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'perl exiftool' (in 'Perl Exiftool') | CVE: CVE-2021-22204 | Perl Exiftool | ExifTool Remote Code Execution Vulnerability | KEV added: 2021-11-17 | KEV due: 2021-12-01 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1571Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'amcrest' (in 'Amcrest Cameras and Network Video Recorder (NVR)') | CVE: CVE-2020-5735 | Amcrest Cameras and Network Video Recorder (NVR) | Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1574Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2018-15811 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1575Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'dotnetnuke' (in 'DotNetNuke (DNN) DotNetNuke (DNN)') | CVE: CVE-2018-18325 | DotNetNuke (DNN) DotNetNuke (DNN) | DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1576Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'eyesofnetwork' (in 'EyesOfNetwork EyesOfNetwork') | CVE: CVE-2020-8657 | EyesOfNetwork EyesOfNetwork | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1577Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'imagemagick' (in 'ImageMagick ImageMagick') | CVE: CVE-2016-3715 | ImageMagick ImageMagick | ImageMagick Arbitrary File Deletion Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1579Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'mcafee' (in 'McAfee McAfee Total Protection (MTP)') | CVE: CVE-2021-23874 | McAfee McAfee Total Protection (MTP) | McAfee Total Protection (MTP) Improper Privilege Management Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1585Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38645 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1586Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38649 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1591Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft internet explorer' (in 'Microsoft Internet Explorer') | CVE: CVE-2021-27085 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1595Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'microsoft open management infrastructure' (in 'Microsoft Open Management Infrastructure (OMI)') | CVE: CVE-2021-38648 | Microsoft Open Management Infrastructure (OMI) | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1596Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'netgear' (in 'NETGEAR JGS516PE Devices') | CVE: CVE-2020-26919 | NETGEAR JGS516PE Devices | Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1597Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle Fusion Middleware') | CVE: CVE-2012-3152 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1598Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14750 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1599Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14882 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1600Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'oracle' (in 'Oracle WebLogic Server') | CVE: CVE-2020-14883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1601Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'qualcomm' (in 'Qualcomm Multiple Chipsets') | CVE: CVE-2021-1906 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability | KEV added: 2021-11-03 | KEV due: 2021-11-17 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1602Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'roundcube' (in 'Roundcube Roundcube Webmail') | CVE: CVE-2017-16651 | Roundcube Roundcube Webmail | Roundcube Webmail File Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1603Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'saltstack' (in 'SaltStack Salt') | CVE: CVE-2020-11651 | SaltStack Salt | SaltStack Salt Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1604Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2010-5326 | SAP NetWeaver | SAP NetWeaver Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1605Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2016-9563 | SAP NetWeaver | SAP NetWeaver XML External Entity (XXE) Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1606Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP NetWeaver') | CVE: CVE-2020-6287 | SAP NetWeaver | SAP NetWeaver Missing Authentication for Critical Function Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1607Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sap' (in 'SAP Solution Manager') | CVE: CVE-2020-6207 | SAP Solution Manager | SAP Solution Manager Missing Authentication for Critical Function Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1608Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'simalliance' (in 'SIMalliance Toolbox Browser') | CVE: CVE-2019-16256 | SIMalliance Toolbox Browser | SIMalliance Toolbox Browser Command Injection Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1609Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Orion') | CVE: CVE-2020-10148 | SolarWinds Orion | SolarWinds Orion Authentication Bypass Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1610Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'solarwinds' (in 'SolarWinds Virtualization Manager') | CVE: CVE-2016-3643 | SolarWinds Virtualization Manager | SolarWinds Virtualization Manager Privilege Escalation Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1611Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'sonatype' (in 'Sonatype Nexus Repository') | CVE: CVE-2020-10199 | Sonatype Nexus Repository | Sonatype Nexus Repository Remote Code Execution Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1613Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'teamviewer' (in 'TeamViewer Desktop') | CVE: CVE-2019-18988 | TeamViewer Desktop | TeamViewer Desktop Bypass Remote Login Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1614Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'progress' (in 'Progress ASP.NET AJAX and Sitefinity') | CVE: CVE-2017-9248 | Progress ASP.NET AJAX and Sitefinity | Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1616Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'vmware' (in 'VMware vCenter Server') | CVE: CVE-2020-3952 | VMware vCenter Server | VMware vCenter Server Information Disclosure Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

EXP-KEV-1619Exploit Public-Facing Application (T1190)HighSRC-0012026-06-13SOC ManagerClosed
Threat: THR-006 — Exploit Public-Facing Application
Source: SRC-001
Affected Asset:
Affected Vendor:
Identified: 2026-06-13
Validated:
Target Remediation: 2026-07-13
Actual Remediation:
Linked Action:

Treating Controls

Detection Controls

OUT_OF_SCOPE: matched 'zyxel' (in 'Zyxel Multiple Products') | CVE: CVE-2020-29583 | Zyxel Multiple Products | Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | KEV added: 2021-11-03 | KEV due: 2022-05-03 | Triage required — low-confidence mapping: No specific mapping; default Exploit Public-Facing Application

Threat Catalogue 60

Stable taxonomy — MITRE ATT&CK aligned plus AI-specific entries.

IDNameTacticLikelihoodTechniqueOwner
THR-001PhishingInitial AccessCriticalT1566SOC Manager
Tactic: Initial Access
Technique: T1566
Likelihood: Critical
Asset Classes Affected: All endpoints; Email
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary delivers malicious email to obtain initial access or credentials.

Treating Controls

Detection Controls

THR-002Spear Phishing AttachmentInitial AccessHighT1566.001SOC Manager
Tactic: Initial Access
Technique: T1566.001
Likelihood: High
Asset Classes Affected: Email
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Targeted phishing with malicious attachment.

Treating Controls

Detection Controls

THR-003Spear Phishing LinkInitial AccessHighT1566.002SOC Manager
Tactic: Initial Access
Technique: T1566.002
Likelihood: High
Asset Classes Affected: Email
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Targeted phishing with malicious link.

Treating Controls

Detection Controls

THR-004Drive-By CompromiseInitial AccessMediumT1189SOC Manager
Tactic: Initial Access
Technique: T1189
Likelihood: Medium
Asset Classes Affected: Endpoints; Browsers
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Malicious code served from a compromised web resource.

Treating Controls

Detection Controls

THR-005External Remote ServicesInitial AccessCriticalT1133Identity & Access Manager
Tactic: Initial Access
Technique: T1133
Likelihood: Critical
Asset Classes Affected: Network perimeter
Owner: Identity & Access Manager
Last Reviewed: 2026-04-15

Description. Adversary leverages externally-facing remote services (VPN, RDP, SSH).

Treating Controls

Detection Controls

THR-006Exploit Public-Facing ApplicationInitial AccessCriticalT1190AppSec Lead
Tactic: Initial Access
Technique: T1190
Likelihood: Critical
Asset Classes Affected: Web applications; APIs
Owner: AppSec Lead
Last Reviewed: 2026-05-10

Description. Adversary exploits a vulnerability in a public-facing application.

Treating Controls

Detection Controls

THR-007Supply Chain CompromiseInitial AccessHighT1195Vendor Risk Manager
Tactic: Initial Access
Technique: T1195
Likelihood: High
Asset Classes Affected: Software dependencies
Owner: Vendor Risk Manager
Last Reviewed: 2026-04-20

Description. Adversary tampers with software supply chain prior to delivery.

Treating Controls

Detection Controls

THR-008Trusted RelationshipInitial AccessHighT1199Vendor Risk Manager
Tactic: Initial Access
Technique: T1199
Likelihood: High
Asset Classes Affected: Third-party connections
Owner: Vendor Risk Manager
Last Reviewed: 2026-04-20

Description. Adversary breaches a third-party with privileged access.

Treating Controls

Detection Controls

THR-009Valid Accounts (Credential Reuse)Initial AccessCriticalT1078Identity & Access Manager
Tactic: Initial Access
Technique: T1078
Likelihood: Critical
Asset Classes Affected: All identities
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary uses legitimate credentials obtained elsewhere.

Treating Controls

Detection Controls

THR-010Command and Scripting InterpreterExecutionHighT1059SOC Manager
Tactic: Execution
Technique: T1059
Likelihood: High
Asset Classes Affected: Endpoints; Servers
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary executes commands via shell or scripting.

Treating Controls

Detection Controls

THR-011PowerShell AbuseExecutionHighT1059.001SOC Manager
Tactic: Execution
Technique: T1059.001
Likelihood: High
Asset Classes Affected: Windows endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary abuses PowerShell for execution.

Treating Controls

Detection Controls

THR-012User ExecutionExecutionHighT1204CISO
Tactic: Execution
Technique: T1204
Likelihood: High
Asset Classes Affected: All users
Owner: CISO
Last Reviewed: 2026-05-05

Description. Adversary relies on user opening malicious content.

Treating Controls

Detection Controls

THR-013LOLBins AbuseExecutionMediumT1218SOC Manager
Tactic: Execution
Technique: T1218
Likelihood: Medium
Asset Classes Affected: Endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary abuses signed binary proxy execution.

Treating Controls

Detection Controls

THR-014Account ManipulationPersistenceHighT1098Identity & Access Manager
Tactic: Persistence
Technique: T1098
Likelihood: High
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary creates or modifies accounts for persistence.

Treating Controls

Detection Controls

THR-015Scheduled Task / Cron JobPersistenceMediumT1053SOC Manager
Tactic: Persistence
Technique: T1053
Likelihood: Medium
Asset Classes Affected: Endpoints; Servers
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary creates scheduled tasks for persistence.

Treating Controls

Detection Controls

THR-016Autostart ExecutionPersistenceMediumT1547SOC Manager
Tactic: Persistence
Technique: T1547
Likelihood: Medium
Asset Classes Affected: Endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary modifies registry or startup folders.

Treating Controls

Detection Controls

THR-017Web ShellPersistenceHighT1505.003AppSec Lead
Tactic: Persistence
Technique: T1505.003
Likelihood: High
Asset Classes Affected: Web servers
Owner: AppSec Lead
Last Reviewed: 2026-05-10

Description. Adversary deploys web shell on compromised web server.

Treating Controls

Detection Controls

THR-018Exploitation for Privilege EscalationPrivilege EscalationHighT1068SOC Manager
Tactic: Privilege Escalation
Technique: T1068
Likelihood: High
Asset Classes Affected: Endpoints; Servers
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary exploits vulnerabilities for elevated privileges.

Treating Controls

Detection Controls

THR-019Access Token ManipulationPrivilege EscalationMediumT1134SOC Manager
Tactic: Privilege Escalation
Technique: T1134
Likelihood: Medium
Asset Classes Affected: Windows endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary manipulates access tokens for elevated context.

Treating Controls

Detection Controls

THR-020Process InjectionPrivilege EscalationHighT1055SOC Manager
Tactic: Privilege Escalation
Technique: T1055
Likelihood: High
Asset Classes Affected: Endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary injects code into legitimate processes.

Treating Controls

Detection Controls

THR-021Impair DefensesDefense EvasionHighT1562SOC Manager
Tactic: Defense Evasion
Technique: T1562
Likelihood: High
Asset Classes Affected: Security tools
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary disables or modifies security tools.

Treating Controls

Detection Controls

THR-022Indicator RemovalDefense EvasionMediumT1070SOC Manager
Tactic: Defense Evasion
Technique: T1070
Likelihood: Medium
Asset Classes Affected: Logs
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary clears logs to evade detection.

Treating Controls

Detection Controls

THR-023MasqueradingDefense EvasionMediumT1036SOC Manager
Tactic: Defense Evasion
Technique: T1036
Likelihood: Medium
Asset Classes Affected: Endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary masquerades as legitimate process or file.

Treating Controls

Detection Controls

THR-024OS Credential DumpingCredential AccessCriticalT1003Identity & Access Manager
Tactic: Credential Access
Technique: T1003
Likelihood: Critical
Asset Classes Affected: Endpoints; Domain controllers
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary dumps credentials from OS memory.

Treating Controls

Detection Controls

THR-025Brute ForceCredential AccessHighT1110Identity & Access Manager
Tactic: Credential Access
Technique: T1110
Likelihood: High
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary attempts password brute force.

Treating Controls

Detection Controls

THR-026Credential StuffingCredential AccessCriticalT1110.004Identity & Access Manager
Tactic: Credential Access
Technique: T1110.004
Likelihood: Critical
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary uses leaked credentials from elsewhere.

Treating Controls

Detection Controls

THR-027Steal Kerberos TicketsCredential AccessHighT1558Identity & Access Manager
Tactic: Credential Access
Technique: T1558
Likelihood: High
Asset Classes Affected: Domain controllers
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary steals or forges Kerberos tickets (Golden/Silver Ticket).

Treating Controls

Detection Controls

THR-028MFA Request GenerationCredential AccessHighT1621Identity & Access Manager
Tactic: Credential Access
Technique: T1621
Likelihood: High
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary spams MFA requests to fatigue user into approving (MFA fatigue).

Treating Controls

Detection Controls

THR-029Account DiscoveryDiscoveryMediumT1087SOC Manager
Tactic: Discovery
Technique: T1087
Likelihood: Medium
Asset Classes Affected: Identity systems
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary enumerates accounts to identify targets.

Treating Controls

None

Detection Controls

THR-030Network Service DiscoveryDiscoveryMediumT1046SOC Manager
Tactic: Discovery
Technique: T1046
Likelihood: Medium
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary scans for available services.

Treating Controls

Detection Controls

THR-031Lateral Tool TransferLateral MovementHighT1570SOC Manager
Tactic: Lateral Movement
Technique: T1570
Likelihood: High
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary transfers tools laterally for further compromise.

Treating Controls

Detection Controls

THR-032Remote Services (RDP, SSH)Lateral MovementHighT1021Identity & Access Manager
Tactic: Lateral Movement
Technique: T1021
Likelihood: High
Asset Classes Affected: Network
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary uses legitimate remote services for movement.

Treating Controls

Detection Controls

THR-033Exploitation of Remote ServicesLateral MovementHighT1210SOC Manager
Tactic: Lateral Movement
Technique: T1210
Likelihood: High
Asset Classes Affected: Internal services
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary exploits vulns in internal services for lateral movement.

Treating Controls

Detection Controls

THR-034Data from Information RepositoriesCollectionMediumT1213DPO
Tactic: Collection
Technique: T1213
Likelihood: Medium
Asset Classes Affected: Collaboration tools
Owner: DPO
Last Reviewed: 2026-05-01

Description. Adversary mines internal repos (SharePoint, Confluence, Slack) for sensitive data.

Treating Controls

Detection Controls

THR-035Email CollectionCollectionMediumT1114DPO
Tactic: Collection
Technique: T1114
Likelihood: Medium
Asset Classes Affected: Email
Owner: DPO
Last Reviewed: 2026-05-01

Description. Adversary collects emails for sensitive data.

Treating Controls

Detection Controls

THR-036Application Layer ProtocolCommand and ControlHighT1071SOC Manager
Tactic: Command and Control
Technique: T1071
Likelihood: High
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary uses HTTPS for C2.

Treating Controls

Detection Controls

THR-037Encrypted ChannelCommand and ControlHighT1573SOC Manager
Tactic: Command and Control
Technique: T1573
Likelihood: High
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary uses encrypted channels to hide C2.

Treating Controls

Detection Controls

THR-038Exfiltration Over C2 ChannelExfiltrationHighT1041SOC Manager
Tactic: Exfiltration
Technique: T1041
Likelihood: High
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary exfiltrates data over C2 channel.

Treating Controls

Detection Controls

THR-039Exfiltration Over Cloud StorageExfiltrationHighT1567SOC Manager
Tactic: Exfiltration
Technique: T1567
Likelihood: High
Asset Classes Affected: Network
Owner: SOC Manager
Last Reviewed: 2026-05-01

Description. Adversary exfiltrates to attacker-controlled cloud storage.

Treating Controls

Detection Controls

THR-040Ransomware (Data Encrypted)ImpactCriticalT1486Incident Response Lead
Tactic: Impact
Technique: T1486
Likelihood: Critical
Asset Classes Affected: Endpoints; File shares
Owner: Incident Response Lead
Last Reviewed: 2026-05-01

Description. Adversary encrypts data for ransom.

Treating Controls

Detection Controls

THR-041Data DestructionImpactCriticalT1485Business Continuity Manager
Tactic: Impact
Technique: T1485
Likelihood: Critical
Asset Classes Affected: Data; Backups
Owner: Business Continuity Manager
Last Reviewed: 2026-05-01

Description. Adversary destroys data or systems.

Treating Controls

Detection Controls

THR-042Account Access RemovalImpactMediumT1531Identity & Access Manager
Tactic: Impact
Technique: T1531
Likelihood: Medium
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary locks legitimate users from accounts.

Treating Controls

Detection Controls

THR-043Endpoint Denial of ServiceImpactMediumT1499SOC Manager
Tactic: Impact
Technique: T1499
Likelihood: Medium
Asset Classes Affected: Endpoints
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary degrades endpoint availability.

Treating Controls

Detection Controls

THR-044Network Denial of ServiceImpactMediumT1498SOC Manager
Tactic: Impact
Technique: T1498
Likelihood: Medium
Asset Classes Affected: Network perimeter
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary degrades network availability (DDoS).

Treating Controls

Detection Controls

THR-045Resource Hijacking (Cryptojacking)ImpactLowT1496SOC Manager
Tactic: Impact
Technique: T1496
Likelihood: Low
Asset Classes Affected: Endpoints; Cloud
Owner: SOC Manager
Last Reviewed: 2026-04-30

Description. Adversary uses compute for cryptocurrency mining.

Treating Controls

Detection Controls

THR-046Phishing for InformationReconnaissanceMediumT1598CISO
Tactic: Reconnaissance
Technique: T1598
Likelihood: Medium
Asset Classes Affected: All staff
Owner: CISO
Last Reviewed: 2026-05-01

Description. Adversary phishes for non-credential information.

Treating Controls

Detection Controls

THR-047Gather Victim Identity InformationReconnaissanceLowT1589CISO
Tactic: Reconnaissance
Technique: T1589
Likelihood: Low
Asset Classes Affected: Public web; Social media
Owner: CISO
Last Reviewed: 2026-05-01

Description. Adversary collects employee names, roles, contact info (OSINT).

Treating Controls

Detection Controls

None
THR-048Compromise AccountsResource DevelopmentMediumT1586Vendor Risk Manager
Tactic: Resource Development
Technique: T1586
Likelihood: Medium
Asset Classes Affected: Third-party accounts
Owner: Vendor Risk Manager
Last Reviewed: 2026-05-01

Description. Adversary uses compromised accounts (legitimate-seeming) for operations.

Treating Controls

Detection Controls

None
THR-049Cloud Service DiscoveryDiscoveryHighT1526CIO
Tactic: Discovery
Technique: T1526
Likelihood: High
Asset Classes Affected: Cloud workloads
Owner: CIO
Last Reviewed: 2026-05-05

Description. Adversary discovers cloud services and misconfigurations.

Treating Controls

Detection Controls

THR-050Multi-Factor Authentication InterceptionCredential AccessHighT1111Identity & Access Manager
Tactic: Credential Access
Technique: T1111
Likelihood: High
Asset Classes Affected: Identity systems
Owner: Identity & Access Manager
Last Reviewed: 2026-05-01

Description. Adversary intercepts MFA via AiTM proxy or session hijacking.

Treating Controls

Detection Controls

THR-051Prompt Injection (LLM)AI-specific (OWASP LLM01)HighAI.001Chief AI Officer
Tactic: AI-specific (OWASP LLM01)
Technique: AI.001
Likelihood: High
Asset Classes Affected: LLM-integrated applications
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary crafts prompts to manipulate LLM behaviour, bypass guardrails.

Treating Controls

Detection Controls

None
THR-052Model Inversion / Data ExtractionAI-specific (OWASP LLM06)HighAI.002Chief AI Officer
Tactic: AI-specific (OWASP LLM06)
Technique: AI.002
Likelihood: High
Asset Classes Affected: LLMs; ML models
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary extracts training data or sensitive context from model responses.

Treating Controls

Detection Controls

None
THR-053Training Data PoisoningAI-specific (OWASP LLM03)MediumAI.003Chief AI Officer
Tactic: AI-specific (OWASP LLM03)
Technique: AI.003
Likelihood: Medium
Asset Classes Affected: ML training pipelines
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary corrupts training data to alter model behaviour.

Treating Controls

Detection Controls

None
THR-054Model Theft / ExtractionAI-specific (OWASP LLM10)MediumAI.004Chief AI Officer
Tactic: AI-specific (OWASP LLM10)
Technique: AI.004
Likelihood: Medium
Asset Classes Affected: Proprietary models
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary steals proprietary model via repeated queries or direct exfiltration.

Treating Controls

Detection Controls

None
THR-055Adversarial ExamplesAI-specific (OWASP LLM02)MediumAI.005Chief AI Officer
Tactic: AI-specific (OWASP LLM02)
Technique: AI.005
Likelihood: Medium
Asset Classes Affected: Production ML systems
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary crafts inputs to cause model misclassification.

Treating Controls

Detection Controls

None
THR-056LLM JailbreakAI-specific (OWASP LLM01)HighAI.006Chief AI Officer
Tactic: AI-specific (OWASP LLM01)
Technique: AI.006
Likelihood: High
Asset Classes Affected: LLM-integrated apps
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary bypasses safety guardrails to obtain prohibited outputs.

Treating Controls

Detection Controls

None
THR-057AI Supply Chain CompromiseAI-specific (OWASP LLM05)MediumAI.007Chief AI Officer
Tactic: AI-specific (OWASP LLM05)
Technique: AI.007
Likelihood: Medium
Asset Classes Affected: Third-party models
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. Adversary delivers compromised pre-trained model via marketplace.

Treating Controls

Detection Controls

None
THR-058Sensitive Disclosure via LLMAI-specific (OWASP LLM06)HighAI.008Chief AI Officer
Tactic: AI-specific (OWASP LLM06)
Technique: AI.008
Likelihood: High
Asset Classes Affected: LLM-integrated apps
Owner: Chief AI Officer
Last Reviewed: 2026-05-30

Description. LLM reveals sensitive info via prompt context leakage.

Treating Controls

Detection Controls

None
THR-059SQL InjectionInitial Access (Web)HighT1190 (Web)AppSec Lead
Tactic: Initial Access (Web)
Technique: T1190 (Web)
Likelihood: High
Asset Classes Affected: Web applications; APIs
Owner: AppSec Lead
Last Reviewed: 2026-05-10

Description. Adversary injects SQL to access or modify database.

Treating Controls

Detection Controls

THR-060Cross-Site Scripting (XSS)Initial Access (Web)MediumT1190 (Web)AppSec Lead
Tactic: Initial Access (Web)
Technique: T1190 (Web)
Likelihood: Medium
Asset Classes Affected: Web applications
Owner: AppSec Lead
Last Reviewed: 2026-05-10

Description. Adversary injects scripts that execute in victim browsers.

Treating Controls

Detection Controls

Validations 15

Empirical results from BAS, red team, and pen-test exercises. Closes the loop between catalogued treating Controls and reality.

IDDateThreatSourceResultLinked Exposures
VAL-0102026-05-30THR-052 — Model Inversion / Data ExtractionSRC-011 Red Team InternalSuccessful exploitationEXP-012 EXP-022
Limited but confirmed; output filtering needed. · Detection Gap: Prompt-based extraction of training context
VAL-0122026-05-30THR-051 — Prompt Injection (LLM)SRC-011 Red Team InternalSuccessful exploitationEXP-004 EXP-030
System prompt hardening + output filters in dev. · Detection Gap: Jailbreak via multi-turn prompt sequence
VAL-0052026-05-28THR-031 — Lateral Tool TransferSRC-007 CymulateSuccessful exploitationEXP-021
Need network segmentation + East-West traffic monitoring. · Detection Gap: SMB lateral movement undetected
VAL-0042026-05-25THR-013 — LOLBins AbuseSRC-007 CymulateDetected and blockedEXP-023
LOLBin abuse via certutil detected by EDR.
VAL-0032026-05-22THR-024 — OS Credential DumpingSRC-007 CymulateSuccessful exploitationEXP-026
Need Credential Guard rollout — confirmed gap. · Detection Gap: Credential dump from LSASS not detected
VAL-0012026-05-15THR-001 — PhishingSRC-007 CymulateDetected and blockedEXP-032
Phishing simulation — email gateway blocked 96% of test payloads.
VAL-0022026-05-15THR-002 — Spear Phishing AttachmentSRC-007 CymulateDetected but not blockedEXP-032
Tuning required on attachment classification rules. · Detection Gap: Email gateway flagged but did not quarantine 4% of attachments
VAL-0082026-05-10THR-018 — Exploitation for Privilege EscalationSRC-007 CymulateSuccessful exploitationEXP-011
Confirmed vuln exploitable; patch deployment in flight. · Detection Gap: Kernel-level privesc undetected
VAL-0112026-05-05THR-026 — Credential StuffingSRC-011 Red Team InternalDetected but not blockedEXP-027
Lockout policy tuning required. · Detection Gap: Credential stuffing pattern detected at IDP level but did not trigger lockout
VAL-0092026-04-25THR-038 — Exfiltration Over C2 ChannelSRC-007 CymulateDetected but not blockedEXP-029
DLP coverage expansion in flight. · Detection Gap: Egress traffic flagged in SIEM but not blocked at firewall
VAL-0072026-04-15THR-016 — Autostart ExecutionSRC-007 CymulateDetected and blockedEXP-033
Boot autostart modification detected by EDR.
VAL-0062026-04-10THR-022 — Indicator RemovalSRC-007 CymulateFailed at executionEXP-038
Log clearing attempt blocked by file integrity monitoring.
VAL-0142026-04-05THR-040 — Ransomware (Data Encrypted)SRC-007 CymulateFailed at execution
Ransomware payload detonation blocked by EDR — controlled test.
VAL-0132026-03-20THR-006 — Exploit Public-Facing ApplicationSRC-012 External Pen-TestSuccessful exploitationEXP-025
See AUD-005 finding — critical; remediation 60% complete. · Detection Gap: Public-facing app vuln exploited by SecureCo
VAL-0152026-03-15THR-019 — Access Token ManipulationSRC-007 CymulateDetected and blockedEXP-036
Token impersonation detected; control validated.

Sources 12

Data feeds powering Discovery and Validation. Stale feeds become hygiene flags below.

IDToolTypeLast RefreshFrequencyOwnerStatus
SRC-001CISA KEV CatalogThreat Intel2026-06-13 (0 days ago)DailySOC ManagerActive (auto-poll)
SRC-002Tenable NessusVuln Scanner2026-06-11 (2 days ago)DailySOC ManagerActive
SRC-003Splunk EnterpriseSIEM2026-06-12 (1 days ago)Continuous (streaming)SOC ManagerActive
SRC-004AlienVault OTXThreat Intel2026-06-12 (1 days ago)DailySOC ManagerActive
SRC-005MITRE ATT&CKThreat Intel2026-05-01 (43 days ago)QuarterlySOC ManagerManual
SRC-006CrowdStrike FalconEDR/Threat Intel2026-06-12 (1 days ago)Continuous (streaming)SOC ManagerActive
SRC-007CymulateBAS2026-06-09 (4 days ago)WeeklySOC ManagerActive
SRC-008Microsoft Defender XDREDR/SIEM2026-06-12 (1 days ago)Continuous (streaming)SOC ManagerActive
SRC-009AxoniusCAASM2026-06-11 (2 days ago)DailyCIOActive
SRC-010Mandiant AdvantageThreat Intel2026-06-12 (1 days ago)DailyCISOActive
SRC-011Red Team InternalManual / Red Team (—)2026-05-30 00:00:00SOC ManagerActive
SRC-012Black Box / External Pen-TestManual / Red Team (—)2026-04-15 00:00:00CISOActive

Governance Hygiene

Automated flags — items needing CTEM programme attention.

Active Critical / High exposures 608

EXP-KEV-0002Exploitation for Privilege EscalationHigh — IdentifiedIdentified
EXP-KEV-0006Valid Accounts (Credential Reuse)High — IdentifiedIdentified
EXP-KEV-0007Exploitation for Privilege EscalationHigh — IdentifiedIdentified
EXP-KEV-0008External Remote ServicesHigh — IdentifiedIdentified
EXP-KEV-0010Command and Scripting InterpreterHigh — IdentifiedIdentified
EXP-KEV-0011Exploitation for Privilege EscalationHigh — IdentifiedIdentified
EXP-KEV-0013Cross-Site Scripting (XSS)High — IdentifiedIdentified
EXP-KEV-0017Exploitation for Privilege EscalationHigh — IdentifiedIdentified
EXP-KEV-0018Exploitation for Privilege EscalationHigh — IdentifiedIdentified
EXP-KEV-0021Exploitation for Privilege EscalationHigh — IdentifiedIdentified

Critical/High threats not validated in 90 days 26

THR-003Spear Phishing LinkNo validation since 2026-03 — empirical credibility gapUntested
THR-005External Remote ServicesNo validation since 2026-03 — empirical credibility gapUntested
THR-007Supply Chain CompromiseNo validation since 2026-03 — empirical credibility gapUntested
THR-008Trusted RelationshipNo validation since 2026-03 — empirical credibility gapUntested
THR-009Valid Accounts (Credential Reuse)No validation since 2026-03 — empirical credibility gapUntested
THR-010Command and Scripting InterpreterNo validation since 2026-03 — empirical credibility gapUntested
THR-011PowerShell AbuseNo validation since 2026-03 — empirical credibility gapUntested
THR-012User ExecutionNo validation since 2026-03 — empirical credibility gapUntested
THR-014Account ManipulationNo validation since 2026-03 — empirical credibility gapUntested
THR-017Web ShellNo validation since 2026-03 — empirical credibility gapUntested

Training

Mandatory training catalogue, completion rates, and role-based programmes. People-side execution layer for the framework.

Active Programmes
15
Mandatory Avg Completion
92%
Below Target
12
Overdue Refresh
0
Compliance-linked
15
IDProgrammeTypeAudienceLast RunCompletion / TargetOwner
TRN-009Acceptable Use Policy AcknowledgementMandatoryAll Staff2026-05-3097% / 100%CISO
Cadence: On Hire + Annual
Status: Active
Owner: CISO

Compliance Requirement. ISO 27001 A.6.4

Linked Controls

Tied to AUP review cycle.

TRN-011Physical Security AwarenessMandatoryOn-Site Staff2026-04-1095% / 98%Facilities
Cadence: On Hire + Annual
Status: Active
Owner: Facilities

Compliance Requirement. ISO 27001 A.7

Linked Controls

Workplace access and physical-asset protection.

TRN-001Annual Security AwarenessMandatoryAll Staff2026-04-3094% / 98%CISO
Cadence: Annual
Status: Active
Owner: CISO

Compliance Requirement. ISO 27001 A.6.3; SOC 2 CC1.4

Linked Controls

KnowBe4-delivered; awareness modules + assessment.

TRN-012Insider Threat AwarenessMandatoryAll Staff2026-04-3094% / 98%CISO
Cadence: Annual
Status: Active
Owner: CISO

Compliance Requirement. ISO 27001 A.6.3

Linked Controls

Indicator recognition + reporting channels.

TRN-005Data Protection & GDPRMandatoryAll Staff2026-02-2892% / 98%DPO
Cadence: Annual
Status: Active
Owner: DPO

Compliance Requirement. GDPR Art. 39; ISO 27001 A.6.3

Linked Controls

DPO-led; modules updated for 2026.

TRN-007AI Acceptable UseMandatoryAll Staff2026-05-0578% / 95%Chief AI Officer
Cadence: Annual
Status: Active
Owner: Chief AI Officer

Compliance Requirement. EU AI Act Art. 4 (AI literacy)

Linked Controls

New 2026 programme; rollout in progress.

TRN-006Incident Response TabletopRole-BasedIR Team + Leadership2026-04-15100% / 100%Incident Response Lead
Cadence: Semi-annual
Status: Active
Owner: Incident Response Lead

Compliance Requirement. ISO 27001 A.5.24; NIS 2 Art. 21

Linked Controls

Q2 exercise focused on ransomware scenario.

TRN-010Cloud Security FundamentalsRole-BasedCloud Platform Team2026-03-20100% / 100%CTO
Cadence: Annual
Status: Active
Owner: CTO

Compliance Requirement. ISO 27001 A.8.22

Linked Controls

AWS / Azure / GCP fundamentals.

TRN-008Vendor Risk ManagementRole-BasedProcurement + IT + Legal2026-01-2596% / 100%Vendor Risk Manager
Cadence: Annual
Status: Active
Owner: Vendor Risk Manager

Compliance Requirement. ISO 27001 A.5.19; NIS 2 Art. 21

Linked Controls

Required for anyone onboarding a vendor.

TRN-003Privileged Access TrainingRole-BasedPrivileged Users2026-03-1591% / 100%Identity & Access Manager
Cadence: Annual
Status: Active
Owner: Identity & Access Manager

Compliance Requirement. ISO 27001 A.8.2

Linked Controls

Required for all PIM-elevated accounts.

TRN-013Business Continuity AwarenessRole-BasedAll Staff (Critical Functions)2026-03-3089% / 95%Business Continuity Manager
Cadence: Annual
Status: Active
Owner: Business Continuity Manager

Compliance Requirement. ISO 27001 A.5.29; ISO 22301

Linked Controls

Function-specific BC plan walkthrough.

TRN-015Software Composition Analysis (SCA) ProcessRole-BasedEngineering2026-05-2588% / 95%AppSec Lead
Cadence: Quarterly
Status: Active
Owner: AppSec Lead

Compliance Requirement. ISO 27001 A.8.28

Linked Controls

Dependency-risk module.

TRN-004Secure Coding PracticesRole-BasedEngineering2026-05-0187% / 95%AppSec Lead
Cadence: Semi-annual
Status: Active
Owner: AppSec Lead

Compliance Requirement. ISO 27001 A.8.28; PCI DSS 6.4.5

Linked Controls

SAST findings tied to training completion.

TRN-014Records ManagementRole-BasedRecords Owners2025-09-2083% / 95%DPO
Cadence: Annual
Status: Active
Owner: DPO

Compliance Requirement. GDPR; ISO 27001 A.5.33

Linked Controls

Last run overdue refresh — flagged for hygiene.

TRN-002Phishing Simulation — QuarterlyPhishing SimulationAll Staff2026-05-15— / —CISO
Cadence: Quarterly
Status: Active
Owner: CISO

Compliance Requirement. ISO 27001 A.6.3

Linked Controls

Click rate Q2 2026: 6.8% (down from Q1's 8.1%).

Governance Hygiene

Automated flags — items needing management attention.

Below target completion 12

TRN-001Annual Security Awareness94% vs target 98% — 4% gapWatch
TRN-003Privileged Access Training91% vs target 100% — 9% gapWatch
TRN-004Secure Coding Practices87% vs target 95% — 8% gapWatch
TRN-005Data Protection & GDPR92% vs target 98% — 6% gapWatch
TRN-007AI Acceptable Use78% vs target 95% — 17% gapWatch
TRN-008Vendor Risk Management96% vs target 100% — 4% gapWatch
TRN-009Acceptable Use Policy Acknowledgement97% vs target 100% — 3% gapWatch
TRN-011Physical Security Awareness95% vs target 98% — 3% gapWatch
TRN-012Insider Threat Awareness94% vs target 98% — 4% gapWatch
TRN-013Business Continuity Awareness89% vs target 95% — 6% gapWatch
TRN-014Records Management83% vs target 95% — 12% gapWatch
TRN-015Software Composition Analysis (SCA) Process88% vs target 95% — 7% gapWatch

Audits

Internal and external audits, findings, response status, and Control test history. Closes the loop between scored maturity and external validation — Controls audit-tested carry higher credibility.

Total Audits YTD
12
In Flight
5
Open Findings
19
Critical Findings
0
Next Audit
2026-07-01
IDTitleTypeBodyScheduledFindingsStatus
AUD-001ISO 27001 Surveillance Audit 2026ExternalBSI2026-09-15Planned
Standard / Scope: ISO/IEC 27001:2022
Owner: CISO
Conclusion: NA
Response Due:
Response Progress: 0%
Re-audit: 2027-09-15

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 0 · Observations: 0

Linked Controls

None mapped

Annual surveillance; preparation in progress.

AUD-010TISAX Assessment Level 2ExternalAuditor X2026-07-01Planned
Standard / Scope: TISAX Level 2
Owner: CISO
Conclusion: NA
Response Due:
Response Progress: 0%
Re-audit:

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 0 · Observations: 0

Linked Controls

None mapped

Scheduled — preparation under way; gap assessment scheduled June.

AUD-011Pen Test — Internal Network 2026ExternalSecureCo2026-06-01In Progress
Standard / Scope: Internal segmentation, lateral movement
Owner: SOC Manager
Conclusion: NA
Response Due:
Response Progress: 0%
Re-audit:

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 0 · Observations: 0

Linked Controls

Fieldwork in progress.

AUD-006Internal Audit — AI GovernanceInternalInternal Audit2026-05-100C / 2M / 5m / 4OResponse Due
Standard / Scope: ISO 42001 / EU AI Act readiness
Owner: Chief AI Officer
Conclusion: Pass with Conditions
Response Due: 2026-08-05
Response Progress: 20%
Re-audit: 2026-11-10

Findings Breakdown

Critical: 0 · Major: 2 · Minor: 5 · Observations: 4

Linked Controls

Material findings on impact assessment coverage and supplier DPA currency.

AUD-008Backup & Recovery AuditInternalInternal Audit2026-04-200C / 0M / 2m / 2OClosed
Standard / Scope: Recovery readiness
Owner: Business Continuity Manager
Conclusion: Pass
Response Due: 2026-08-05
Response Progress: 100%
Re-audit: 2027-04-20

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 2 · Observations: 2

Linked Controls

Verification cadence tightened; RTO test results within target.

AUD-003SOC 2 Type II 2026 H1ExternalKPMG2026-04-010C / 1M / 5m / 2OFindings Issued
Standard / Scope: SOC 2 Type II (Security, Availability)
Owner: CISO
Conclusion: Pass with Conditions
Response Due: 2026-07-15
Response Progress: 60%
Re-audit: 2026-12-01

Findings Breakdown

Critical: 0 · Major: 1 · Minor: 5 · Observations: 2

Linked Controls

Major finding: PIM coverage on privileged accounts. Remediation in flight.

AUD-007GDPR Data Protection Audit 2026InternalDPO + External counsel2026-03-200C / 1M / 3m / 1OClosed
Standard / Scope: GDPR Articles 25, 32, 33, 35
Owner: DPO
Conclusion: Pass with Conditions
Response Due: 2026-07-25
Response Progress: 100%
Re-audit: 2027-03-20

Findings Breakdown

Critical: 0 · Major: 1 · Minor: 3 · Observations: 1

Linked Controls

DPIA coverage gap closed; data minimisation review embedded in change process.

AUD-005Penetration Test — External Surface 2026ExternalSecureCo2026-03-011C / 3M / 4m / 1OClosed
Standard / Scope: External attack surface
Owner: SOC Manager
Conclusion: Pass with Conditions
Response Due: 2026-06-15
Response Progress: 75%
Re-audit: 2026-09-15

Findings Breakdown

Critical: 1 · Major: 3 · Minor: 4 · Observations: 1

Linked Controls

1 critical (legacy VPN config) closed; remaining majors in flight.

AUD-004Internal Audit — Vendor Risk ManagementInternalInternal Audit2026-02-150C / 0M / 3m / 2OClosed
Standard / Scope: Vendor Risk Programme
Owner: Vendor Risk Manager
Conclusion: Pass
Response Due: 2026-05-10
Response Progress: 100%
Re-audit: 2027-02-15

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 3 · Observations: 2

Linked Controls

All minor findings closed; programme refresh underway.

AUD-009NIS 2 Readiness Self-AssessmentSelf-AssessmentInternal2026-02-010C / 3M / 6m / 3OClosed
Standard / Scope: NIS 2 Directive
Owner: CISO
Conclusion: Pass with Conditions
Response Due: 2026-06-01
Response Progress: 80%
Re-audit: 2026-08-01

Findings Breakdown

Critical: 0 · Major: 3 · Minor: 6 · Observations: 3

Linked Controls

Article 21 controls largely in place; supply-chain due diligence remediation in progress.

AUD-012SOX IT General Controls 2025ExternalKPMG2025-11-010C / 0M / 4m / 2OClosed
Standard / Scope: SOX ITGCs
Owner: CIO
Conclusion: Pass
Response Due: 2026-03-15
Response Progress: 100%
Re-audit: 2026-11-01

Findings Breakdown

Critical: 0 · Major: 0 · Minor: 4 · Observations: 2

Linked Controls

All findings closed; SOX 2026 cycle starting Q3.

AUD-002ISO 27001 Certification Audit 2025ExternalBSI2025-09-120C / 2M / 4m / 3OClosed
Standard / Scope: ISO/IEC 27001:2022
Owner: CISO
Conclusion: Pass with Conditions
Response Due: 2025-12-12
Response Progress: 100%
Re-audit: 2026-09-15

Findings Breakdown

Critical: 0 · Major: 2 · Minor: 4 · Observations: 3

Linked Controls

All findings closed; certification awarded.

Governance Hygiene

Automated flags — items needing management attention.

Incidents

Historical and active security incidents with Control-failure attribution, asset and vendor impact, and lessons-learned status. Empirical validation layer for the framework: scored maturity meets operational reality here.

Total YTD
15
Open / Active
1
Critical/High Active
1
Repeat Categories
1
Lessons Open
2
IDTitleCategorySeverityDetectedOwnerStatus
INC-004Insider data export — pending investigationInsiderHigh2026-06-05CISOActive
Detection Method: SIEM
Date Closed:
MTTD: 180 min
MTTR: 4 hours
MTTC: — hours
Regulatory Trigger: Yes — GDPR Art. 33 considered; under review

Lessons Learned. Investigation ongoing; legal & HR engaged. Action Open

Failed Controls

Affected Assets

Affected Vendors

INC-009Lost laptop — encrypted, no exposurePhysicalLow2026-05-25IT Service DeskResolved
Detection Method: User Report
Date Closed: 2026-05-26
MTTD: — min
MTTR: 12 hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Disk encryption verified; remote wipe issued. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-001Phishing campaign — credential harvest attemptPhishingHigh2026-05-20Incident Response LeadLessons Implemented
Detection Method: User Report
Date Closed: 2026-05-22
MTTD: 45 min
MTTR: 2.5 hours
MTTC: 1.5 hours
Regulatory Trigger: No

Lessons Learned. Click rate spike in finance team; localised training delivered; MFA enforcement gap on legacy AD account closed. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-007Brute-force login attempts — OktaAccount TakeoverMedium2026-05-12Identity & Access ManagerResolved
Detection Method: SIEM
Date Closed: 2026-05-12
MTTD: 6 min
MTTR: 0.5 hours
MTTC: 0.2 hours
Regulatory Trigger: No

Lessons Learned. Source IPs blocked; affected accounts forced password reset; MFA enforcement confirmed. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-005Misdirected email — limited PII exposureData LossLow2026-05-08DPOLessons Implemented
Detection Method: User Report
Date Closed: 2026-05-09
MTTD: 60 min
MTTR: 3 hours
MTTC: 2 hours
Regulatory Trigger: Yes — GDPR breach notification submitted

Lessons Learned. Recipient confirmed deletion; DPO notified; awareness training reinforced. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-008LLM prompt-injection attempt — customer support botAI-relatedMedium2026-04-30Chief AI OfficerResolved
Detection Method: Logging Review
Date Closed: 2026-05-03
MTTD: 240 min
MTTR: 6 hours
MTTC: 4 hours
Regulatory Trigger: No

Lessons Learned. Prompt-injection guardrails strengthened; pattern added to anomaly detection. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-015BC tabletop finding — IR escalation gapProcessLow2026-04-30Incident Response LeadLessons Implemented
Detection Method: Tabletop Exercise
Date Closed: 2026-05-30
MTTD: — min
MTTR: — hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Escalation matrix had stale on-call contacts; updated and tested. Implemented

Failed Controls

Affected Assets

Affected Vendors

Found via planned tabletop exercise, not real incident.

INC-006Phishing simulation failure cluster — sales teamPhishingLow2026-04-22CISOResolved
Detection Method: Internal Audit
Date Closed: 2026-05-15
MTTD: — min
MTTR: — hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Phishing simulation click rate 18% in sales; targeted re-training rolled out; subsequent run dropped to 6%. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-012Unauthorised AI tool usage — marketingShadow IT / AILow2026-04-15Chief AI OfficerResolved
Detection Method: Self-Disclosure
Date Closed: 2026-05-10
MTTD: — min
MTTR: — hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Marketing team using consumer Claude account for content review; usage migrated to enterprise account; policy reinforced. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-002Ransomware vector — blocked at endpointMalwareMedium2026-04-10SOC ManagerResolved
Detection Method: EDR
Date Closed: 2026-04-10
MTTD: 8 min
MTTR: 1 hours
MTTC: 0.3 hours
Regulatory Trigger: No

Lessons Learned. CrowdStrike kill-chain blocked execution; user education delivered. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-014Stale access — terminated employeeAccess ManagementMedium2026-03-25Identity & Access ManagerLessons Implemented
Detection Method: Internal Audit
Date Closed: 2026-04-15
MTTD: — min
MTTR: — hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Offboarding gap identified; PIM cleanup process accelerated; quarterly attestation cycle tightened. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-003Vendor breach notification — AWS S3 misconfig (3rd party)Third-PartyMedium2026-03-15Vendor Risk ManagerResolved
Detection Method: External Notification
Date Closed: 2026-04-02
MTTD: — min
MTTR: 72 hours
MTTC: 48 hours
Regulatory Trigger: No

Lessons Learned. Vendor self-remediated; reviewed our config; no data exposure on our tenant. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-011Backup verification gap — 1 missed cycleOperationalLow2026-03-02Business Continuity ManagerResolved
Detection Method: Internal Audit
Date Closed: 2026-03-04
MTTD: — min
MTTR: — hours
MTTC: — hours
Regulatory Trigger: No

Lessons Learned. Job scheduling fix; weekly verification report added. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-013DDoS attempt — mitigated upstreamAvailabilityMedium2026-02-28SOC ManagerResolved
Detection Method: Vendor Alert
Date Closed: 2026-02-28
MTTD: 3 min
MTTR: 0.2 hours
MTTC: 0.1 hours
Regulatory Trigger: No

Lessons Learned. AWS Shield mitigated; no customer impact. Implemented

Failed Controls

Affected Assets

Affected Vendors

INC-010Q1 phishing campaign — Finance departmentPhishingHigh2026-01-18Incident Response LeadLessons Implemented
Detection Method: User Report
Date Closed: 2026-02-05
MTTD: 55 min
MTTR: 3 hours
MTTC: 1.5 hours
Regulatory Trigger: No

Lessons Learned. Same finance team as INC-001 — repeat category. Systemic root cause investigation underway. Captured

Failed Controls

Affected Assets

Affected Vendors

Repeat category — flagged for systemic review.

Governance Hygiene

Automated flags — items needing management attention.

Active Critical/High incidents 1

INC-004Insider data export — pending investigationHigh — Active since 2026-06-05Active

Repeat categories 1

Phishing3 incidents in this category — potential systemic root causeWatch

Policy Register

Formal policies with explicit owner, approval body, version, review cadence, and the Controls they govern. Formalises the per-Objective policy stubs into a single source of truth and drives review-cadence accountability.

Total Policies
15
across Domains
Active
12
80% of estate
Overdue Review
1
past next review date
Review Due 90 days
3
approaching window
In Review / Pending
2
draft → approval pipeline
Board-approved
5
CISO-approved
9
CTO-approved
1
IT Committee-approved
0
Policy IDNameDomainApproval BodyOwnerNext ReviewStatus
POL-001Information Security Policy (Umbrella)AllBoardCISO2027-01-15Active
Version: v4.2
Approved Date: 2026-01-15
Review Cadence: Annual
Next Review Due: 2027-01-15
Distribution: All staff (intranet) + contractor onboarding
Acknowledgement: 94%

Description. Umbrella policy stating commitment to information security; all other policies operate under its authority.

Implements Controls

POL-002Acceptable Use PolicyGOVCISOCISO2026-11-30Active
Version: v3.1
Approved Date: 2025-11-30
Review Cadence: Annual
Next Review Due: 2026-11-30
Distribution: All staff (intranet) + onboarding
Acknowledgement: 96%

Implements Controls

POL-003Access Control PolicyPROCISOIdentity & Access Manager2026-09-15In Review
Version: v2.5 (v2.6 in review)
Approved Date: 2025-09-15
Review Cadence: Annual
Next Review Due: 2026-09-15
Distribution: IT staff + system owners
Acknowledgement: 98%

Description. v2.6 draft updates for FIDO2 / passkey rollout pending CISO sign-off.

Implements Controls

POL-004Asset Management PolicyIDECISOCIO2025-09-15Overdue
Version: v2.0
Approved Date: 2024-09-15
Review Cadence: Annual
Next Review Due: 2025-09-15 (overdue 270 days)
Distribution: IT staff
Acknowledgement: 0%

Description. Refresh required before next audit cycle; Asset Register go-live changes Coverage requirement.

Implements Controls

POL-005Risk Management PolicyGOVBoardCISO2027-02-28Active
Version: v3.0
Approved Date: 2026-02-28
Review Cadence: Annual
Next Review Due: 2027-02-28
Distribution: Senior leadership + Risk owners
Acknowledgement: 100%

Implements Controls

POL-006Incident Response PolicyRESBoardIncident Response Lead2027-03-15Active
Version: v4.1
Approved Date: 2026-03-15
Review Cadence: Annual + on material change
Next Review Due: 2027-03-15
Distribution: All staff (intranet)
Acknowledgement: 91%

Implements Controls

POL-007Business Continuity PolicyRECBoardBusiness Continuity Manager2026-12-01Active
Version: v2.8
Approved Date: 2025-12-01
Review Cadence: Annual
Next Review Due: 2026-12-01
Distribution: Senior leadership + IT
Acknowledgement: 100%

Implements Controls

POL-008Vendor Risk Management PolicyGOVCISOVendor Risk Manager2027-01-20Active
Version: v2.2
Approved Date: 2026-01-20
Review Cadence: Annual
Next Review Due: 2027-01-20
Distribution: Procurement + IT + Legal
Acknowledgement: 100%

Implements Controls

POL-009AI Risk Management PolicyAIIBoardChief AI Officer2027-02-10Active
Version: v1.3
Approved Date: 2026-02-10
Review Cadence: Semi-annual (AI Act effective-date driven)
Next Review Due: 2027-02-10
Distribution: All staff (intranet)
Acknowledgement: 88%

Implements Controls

POL-010Data Classification PolicyPROCISODPO2026-10-25Active
Version: v3.0
Approved Date: 2025-10-25
Review Cadence: Annual
Next Review Due: 2026-10-25
Distribution: All staff (intranet)
Acknowledgement: 92%

Implements Controls

POL-011Cryptography PolicyPROCISOCTO2026-08-30Active
Version: v2.1
Approved Date: 2025-08-30
Review Cadence: Annual + on cryptography landscape change
Next Review Due: 2026-08-30
Distribution: Engineering + Security
Acknowledgement: 100%

Implements Controls

POL-012Vulnerability Management PolicyDETCISOSOC Manager2027-04-10Active
Version: v3.4
Approved Date: 2026-04-10
Review Cadence: Annual
Next Review Due: 2027-04-10
Distribution: IT staff
Acknowledgement: 95%

Implements Controls

POL-013Secure Development Policy (SSDLC)APSCTOAppSec Lead2026-06-15Pending Approval
Version: v2.0 (v3.0 pending CTO)
Approved Date: 2024-06-15
Review Cadence: Annual
Next Review Due: 2026-06-15
Distribution: Engineering
Acknowledgement: 78%

Description. v3.0 draft signed off by AppSec; with CTO 9 days.

Implements Controls

POL-014Logging & Monitoring PolicyDETCISOSOC Manager2027-03-05Active
Version: v2.7
Approved Date: 2026-03-05
Review Cadence: Annual
Next Review Due: 2027-03-05
Distribution: Engineering + SOC
Acknowledgement: 100%

Implements Controls

POL-015Remote Work PolicyPROCISOCISO2026-07-12Active
Version: v1.8
Approved Date: 2025-07-12
Review Cadence: Annual
Next Review Due: 2026-07-12
Distribution: All staff (intranet)
Acknowledgement: 97%

Description. Review due in 31 days; on track.

Implements Controls

Governance Hygiene

Automated flags — items needing management attention.

Reviews overdue 1

POL-004Asset Management PolicyOverdue 270 days — AnnualOverdue

Reviews due within 90 days 3

POL-011Cryptography PolicyDue in 79 daysActive
POL-013Secure Development Policy (SSDLC)Due in 3 daysActive
POL-015Remote Work PolicyDue in 30 daysActive

In review / pending approval 2

POL-003Access Control PolicyStatus: In ReviewIn Review
POL-013Secure Development Policy (SSDLC)Status: Pending ApprovalPending Approval

Vendor Register

First-class third parties with contract status, certifications, criticality, treating Controls, and recertification cadence. Anchors NIS 2 supply-chain due diligence, AIT (third-party AI) governance, and DPO data-processor obligations.

Total Vendors
15
in scope
Critical
6
40% of estate
Contracts Expiring / Renewing
4
attention horizon
Reviews Overdue
2
past recertification
Certification Coverage
100%
with attestation
Vendor IDNameCriticalityTypeOwnerContract ExpiryStatus
VND-001Amazon Web Services (AWS)CriticalCloud InfrastructureCIO2027-03-31Active
Vendor Type: Cloud Infrastructure
Geographic Locations: EU (eu-west-2); US (us-east-1 fail-over)
Last Review: 2026-05-15
Next Review Due: 2026-11-15
DPA Status: Current
Risk Rating: Medium residual (concentration risk)

Services. Compute, storage, networking, security primitives

Certifications

ISO/IEC 27001 ISO/IEC 27017 ISO/IEC 27018 SOC 2 Type II SOC 3 PCI DSS

Data Accessed

Customer PII Financial Source Code

Treating Controls

Assets Affected

Hosts AST-002, AST-004, AST-005.

VND-002Microsoft 365CriticalSaaS ProductivityCIO2027-06-30Active
Vendor Type: SaaS Productivity
Geographic Locations: Microsoft EU Cloud
Last Review: 2026-04-20
Next Review Due: 2026-10-20
DPA Status: Current
Risk Rating: Medium

Services. Email, Teams, SharePoint, OneDrive

Certifications

ISO/IEC 27001 SOC 2 Type II EU Cloud Code of Conduct

Data Accessed

Employee email documents

Treating Controls

Assets Affected

VND-003SalesforceCriticalSaaS CRMCIO2026-12-31Renewing
Vendor Type: SaaS CRM
Geographic Locations: Salesforce EU (eu-central-1)
Last Review: 2026-03-10
Next Review Due: 2026-09-10
DPA Status: Current
Risk Rating: Medium

Services. Customer relationship management

Certifications

ISO/IEC 27001 SOC 2 Type II

Data Accessed

Customer Contact Data

Treating Controls

Assets Affected

Contract renewal in progress.

VND-004ServiceNowHighSaaS ITSMCIO2027-09-30Active
Vendor Type: SaaS ITSM
Geographic Locations: ServiceNow EU
Last Review: 2026-02-15
Next Review Due: 2026-08-15
DPA Status: Current
Risk Rating: Low

Services. Service management, ticketing, asset CMDB

Certifications

ISO/IEC 27001 SOC 2 Type II

Data Accessed

Asset metadata ticket content

Treating Controls

Assets Affected

None
VND-005OktaCriticalIdentity ProviderIdentity & Access Manager2026-10-31Active
Vendor Type: Identity Provider
Geographic Locations: Okta EU
Last Review: 2026-04-01
Next Review Due: 2026-10-01
DPA Status: Current
Risk Rating: High (identity perimeter)

Services. Identity and access management

Certifications

ISO/IEC 27001 SOC 2 Type II FedRAMP Moderate

Data Accessed

All user credentials

Treating Controls

Assets Affected

VND-006CrowdStrikeCriticalSecurity OperationsSOC Manager2027-01-31Active
Vendor Type: Security Operations
Geographic Locations: CrowdStrike EU
Last Review: 2026-05-20
Next Review Due: 2026-11-20
DPA Status: Current
Risk Rating: Medium

Services. EDR / XDR / Threat Intelligence

Certifications

ISO/IEC 27001 SOC 2 Type II FedRAMP High

Data Accessed

Endpoint telemetry

Treating Controls

Assets Affected

None
VND-007WorkdayHighHRISDPO2026-11-30Renewing
Vendor Type: HRIS
Geographic Locations: Workday EU Cloud
Last Review: 2026-03-25
Next Review Due: 2026-09-25
DPA Status: Current
Risk Rating: Medium

Services. Human resources, payroll, talent

Certifications

ISO/IEC 27001 SOC 2 Type II ISO/IEC 27018

Data Accessed

HR PII

Treating Controls

Assets Affected

DPA executed 2024-09-01.

VND-008KnowBe4MediumTrainingCISO2026-09-30Active
Vendor Type: Training
Geographic Locations: KnowBe4 US
Last Review: 2025-11-10
Next Review Due: 2026-05-10 (overdue 33 days)
DPA Status: Current
Risk Rating: Low

Services. Security awareness training, phishing simulations

Certifications

SOC 2 Type II

Data Accessed

Employee training records

Treating Controls

Assets Affected

None

Annual review overdue 33 days as of 2026-06-12.

VND-009Anthropic (Claude API)HighAI / LLM ProviderChief AI Officer2026-12-31Active
Vendor Type: AI / LLM Provider
Geographic Locations: US
Last Review: 2026-05-30
Next Review Due: 2026-11-30
DPA Status: Current
Risk Rating: Medium

Services. Claude API for internal copilot, document classification

Certifications

SOC 2 Type II ISO/IEC 42001 (in progress)

Data Accessed

Prompts (anonymised no PII)

Treating Controls

Assets Affected

VND-010Secondary LLM ProviderHighAI / LLM ProviderChief AI Officer2026-12-31Active
Vendor Type: AI / LLM Provider
Geographic Locations: US
Last Review: 2026-05-30
Next Review Due: 2026-11-30
DPA Status: Current
Risk Rating: Medium

Services. LLM API for customer-support automation

Certifications

SOC 2 Type II

Data Accessed

Prompts (anonymised no PII)

Treating Controls

Assets Affected

VND-011SplunkHighSIEMSOC Manager2026-12-31Renewing
Vendor Type: SIEM
Geographic Locations: Splunk EU
Last Review: 2025-12-15
Next Review Due: 2026-06-15
DPA Status: Current
Risk Rating: Medium

Services. Security log aggregation and analytics

Certifications

ISO/IEC 27001

Data Accessed

Security logs

Treating Controls

Assets Affected

None
VND-012GitHub EnterpriseCriticalDeveloper PlatformCTO2027-04-30Active
Vendor Type: Developer Platform
Geographic Locations: GitHub EU
Last Review: 2026-04-15
Next Review Due: 2026-10-15
DPA Status: Current
Risk Rating: High

Services. Source code hosting, CI/CD

Certifications

ISO/IEC 27001 SOC 2 Type II

Data Accessed

Source code secrets (where misconfigured)

Treating Controls

Assets Affected

VND-013Iron MountainHighBackupBusiness Continuity Manager2027-02-28Active
Vendor Type: Backup
Geographic Locations: Iron Mountain UK
Last Review: 2026-04-05
Next Review Due: 2026-10-05
DPA Status: Current
Risk Rating: Low

Services. Offsite backup storage

Certifications

ISO/IEC 27001

Data Accessed

Encrypted backups

Treating Controls

Assets Affected

VND-014DBC & Co Legal CounselLowProfessional ServicesDPO2026-12-31Active
Vendor Type: Professional Services
Geographic Locations: London, UK
Last Review: 2024-09-01
Next Review Due: 2025-09-01 (overdue 284 days)
DPA Status: Current
Risk Rating: Low

Services. Legal advisory

Certifications

None registered

Data Accessed

Advisory only

Treating Controls

Assets Affected

None

Overdue 285 days as of 2026-06-12.

VND-015KPMG (External Audit)MediumProfessional ServicesCISO2026-06-30Expiring
Vendor Type: Professional Services
Geographic Locations: London, UK
Last Review: 2026-03-01
Next Review Due: 2026-09-01
DPA Status: Current
Risk Rating: Medium

Services. External audit

Certifications

ISO/IEC 27001

Data Accessed

Audit working papers

Treating Controls

Assets Affected

None

Contract expires 18 days; renewal RFP in progress.

Governance Hygiene

Automated flags — items needing management attention.

Recertification overdue 2

VND-008KnowBe4Overdue 33 daysOverdue
VND-014DBC & Co Legal CounselOverdue 284 daysOverdue

Contracts expiring 1

VND-015KPMG (External Audit)Contract status: Expiring — expires 2026-06-30Action

Asset Register

First-class assets (systems, data, processes, locations) with owners, classifications, treating Controls, and review cadence. Anchors scope for incident response and supports asset-led risk treatment.

Total Assets
15
across asset types
Critical / Restricted
12
80% of estate
Stale Review
3
past review cadence
Unowned
0
no named owner
Coverage
100%
with treating Controls
Systems
7
Datas
3
Process
2
Locations
3
Personnel Roles
0
Asset IDNameTypeClassificationOwnerLast ReviewedStatus
AST-001Customer CRM Platform (Salesforce)SystemCriticalCIO2026-04-10Active
Custodian: Salesforce (vendor-managed)
Location: Salesforce EU (eu-central-1)
Review Cadence: Quarterly
Next Review Due: 2026-07-10
Business Processes: Sales; Customer Support; Account Management

Description. Primary CRM holding customer contact data, opportunity records, support tickets. SSO via Okta; data residency EU.

Treating Controls

Treating Vendor

Risks Affecting

AST-002Enterprise Data WarehouseSystemCriticalCIO2026-03-25Active
Custodian: Data Engineering Team
Location: AWS eu-west-2
Review Cadence: Quarterly
Next Review Due: 2026-06-25
Business Processes: Analytics; Regulatory Reporting; Finance Close

Description. Centralised analytics warehouse and source for regulatory reporting.

Treating Controls

Treating Vendor

Risks Affecting

AST-003Production Source Code RepositoriesDataRestrictedCTO2026-04-15Active
Custodian: Engineering Platform Team
Location: GitHub Enterprise Cloud (EU)
Review Cadence: Quarterly
Next Review Due: 2026-07-15
Business Processes: Software Development; Release Management

Description. All production application source code, IaC, deployment pipelines.

Treating Controls

Treating Vendor

Risks Affecting

AST-004Customer PII DatabaseDataRestrictedDPO2026-02-10Stale Review
Custodian: Data Engineering Team
Location: AWS eu-west-2 (encrypted at rest)
Review Cadence: Quarterly
Next Review Due: 2026-05-10 (overdue 33 days)
Business Processes: Customer Onboarding; Marketing; Support

Description. Personal data covering customer identity, contact, transaction history. DSAR handled per process.

Treating Controls

Treating Vendor

Risks Affecting

AST-005Financial Records DatabaseDataRestrictedCFO2026-03-30Active
Custodian: Finance Operations
Location: AWS eu-west-2
Review Cadence: Quarterly
Next Review Due: 2026-06-30
Business Processes: Finance

Description. General ledger, AP/AR, financial close working data.

Treating Controls

Treating Vendor

Risks Affecting

AST-006HR Information System (Workday)SystemCriticalCIO2026-03-12Stale Review
Custodian: Workday (vendor-managed)
Location: Workday EU Cloud
Review Cadence: Quarterly
Next Review Due: 2026-06-12
Business Processes: HR Operations; Payroll

Description. HRIS holding employee personal data, payroll, performance.

Treating Controls

Treating Vendor

Risks Affecting

AST-007Email & Collaboration Platform (M365)SystemSensitiveCIO2026-04-20Active
Custodian: Microsoft (vendor-managed)
Location: Microsoft Cloud (EU)
Review Cadence: Semi-annual
Next Review Due: 2026-10-20
Business Processes: All employee productivity

Description. Email, Teams, SharePoint, OneDrive.

Treating Controls

Treating Vendor

Risks Affecting

AST-008Identity Platform (Okta + AD)SystemCriticalIdentity & Access Manager2026-05-01Active
Custodian: Identity Team
Location: Okta EU + On-prem AD (London HQ)
Review Cadence: Quarterly
Next Review Due: 2026-08-01
Business Processes: All identity

Description. Authentication, MFA, group provisioning. Underpins access to all other systems.

Treating Controls

Treating Vendor

Risks Affecting

AST-009Incident Response ProcessProcessCriticalIncident Response Lead2026-04-30Active
Custodian: SOC + IR Team
Location: All operating locations
Review Cadence: Quarterly (with tabletop)
Next Review Due: 2026-07-31
Business Processes: Incident Management

Description. Documented IR runbook, escalation matrix, tabletop schedule.

Treating Controls

Treating Vendor

None

Risks Affecting

AST-010London HQ DatacentreLocationCriticalCIO2026-02-15Stale Review
Custodian: Facilities Team
Location: London HQ — basement, restricted area
Review Cadence: Quarterly
Next Review Due: 2026-05-15 (overdue 28 days)
Business Processes: Infrastructure

Description. Primary on-premises datacentre; houses AD, network core, edge.

Treating Controls

Treating Vendor

None

Risks Affecting

AST-011DR Site (Manchester)LocationCriticalBusiness Continuity Manager2026-03-08Active
Custodian: Facilities Team
Location: Manchester — warm-site
Review Cadence: Semi-annual (with failover test)
Next Review Due: 2026-09-08
Business Processes: Business Continuity

Description. Disaster recovery / co-located warm site. Failover tested semi-annually.

Treating Controls

Treating Vendor

None

Risks Affecting

AST-012AWS eu-west-2 RegionLocationCriticalCIO2026-05-01Active
Custodian: Cloud Platform Team
Location: AWS London Region
Review Cadence: Quarterly
Next Review Due: 2026-08-01
Business Processes: All cloud workloads

Description. Primary public-cloud region for production workloads.

Treating Controls

Treating Vendor

Risks Affecting

AST-013LLM API Integration (Claude + secondary LLM)SystemCriticalChief AI Officer2026-05-15Active
Custodian: AI Platform Team
Location: Anthropic US + Secondary LLM Provider US (DPA executed)
Review Cadence: Quarterly
Next Review Due: 2026-08-15
Business Processes: Customer support automation; Internal copilot; Document classification

Description. Production LLM API calls for copilot, classification, support automation.

Treating Controls

Treating Vendor

Risks Affecting

AST-014Payroll ProcessProcessSensitiveHR Director2026-04-05Active
Custodian: Payroll Team
Location: All operating locations (via Workday)
Review Cadence: Semi-annual
Next Review Due: 2026-10-05
Business Processes: HR; Finance

Description. Monthly payroll run, statutory submissions.

Treating Controls

Treating Vendor

Risks Affecting

AST-015Backup Storage (Iron Mountain)SystemSensitiveBusiness Continuity Manager2026-04-05Active
Custodian: Iron Mountain (vendor-managed)
Location: Iron Mountain UK — offsite
Review Cadence: Semi-annual
Next Review Due: 2026-10-05
Business Processes: Business Continuity

Description. Encrypted offsite backups, monthly rotation, restoration testing.

Treating Controls

Treating Vendor

Risks Affecting

Governance Hygiene

Automated flags — items needing management attention.

Overdue review 2

AST-004Customer PII DatabaseOverdue 33 days — Quarterly reviewOverdue
AST-010London HQ DatacentreOverdue 28 days — Quarterly reviewOverdue

Owners

Per-Owner roll-up of Controls, Actions, and Evidence. The escalation lens for steering committee — concentrates accountability, workload, and treatment progress in one view. Rows sorted by lowest % at target first (escalation candidates surface up top). Click any row to expand.

Owners
12
Company-Wide At Target
66%
226 of 341 Controls
Highest Workload
CISO
63 Controls
Lowest % At Target
AI Risk Lead
45% — 10 of 22
Most Overdue Actions
CISO
1 overdue
OwnerControls% At TargetFloor (lowest Control)Open / In Prog / Blocked / OverdueWeak Evidence
AI Risk Lead2245%AIT.AG-06 Cur 1 / Tgt 71200 overdue8 weak/none

Controls below target 12

Active Actions 3

ACT-050AII.AG-02Audit human-in-the-loop checks for high-risk agentsIn Progress34 days
ACT-048AIT.RT-02Risk treatment plan for high-risk AI vendorsIn Progress65 days
ACT-049AIT.MO-02Continuous monitoring of vendor AI policy driftOpen111 days
Chief AI Officer3050%AII.OP-07 Cur 1 / Tgt 61200 overdue7 weak/none

Controls below target 15

Active Actions 3

ACT-024AII.US-02Acceptable AI use policy rolloutIn Progress39 days
ACT-022AIT.AG-02Vendor AI agent inventory baselineIn Progress49 days
ACT-023AII.GV-03Internal AI Governance Board charterOpen65 days
Vendor Risk Manager2850%IDE.ES-04 Cur 4 / Tgt 62200 overdue6 weak/none

Controls below target 14

Active Actions 4

ACT-051IDE.SC-03Tier vendor portfolio by criticalityIn Progress49 days
ACT-053AIT.AM-02Subcontractor inventory for 8 critical AI vendorsIn Progress96 days
ACT-052AIT.VR-02Refresh vendor security assessment templateOpen80 days
ACT-054APS.SC-03Software supplier security baselineOpen111 days
CIO2458%IDE.AM-07 Cur 4 / Tgt 62300 overdue0 weak/none

Controls below target 10

Active Actions 5

ACT-017PRO.EP-04Push CrowdStrike Falcon to last 1.3% endpointsIn Progress9 days
ACT-014IDE.AM-03Decommission shadow IT asset inventory itemsIn Progress49 days
ACT-015IDE.AM-05Onboard cloud asset inventory into CMDBIn Progress80 days
ACT-016PRO.EM-02Implement DKIM/DMARC enforcement on legacy subdomainsOpen96 days
ACT-018PRO.PS-02Complete physical access review for HQ + 2 regional officesOpen111 days
AppSec Lead4963%AII.VM-06 Cur 2 / Tgt 74400 overdue7 weak/none

Controls below target 18

Active Actions 8

ACT-046AII.SD-03Secure-by-design checklist for AI feature rolloutsIn Progress49 days
ACT-040APS.SD-04Roll out Snyk SAST to all main repositoriesIn Progress50 days
ACT-044APS.TA-02FY26 developer secure coding training rolloutIn Progress65 days
ACT-041APS.VM-03Reduce critical AppSec vuln SLA to 14 daysIn Progress80 days
ACT-043APS.OP-03Centralise AppSec findings in shared workspaceOpen80 days
ACT-042APS.SC-02SBOM generation for all production servicesOpen96 days
ACT-047AII.VM-02AI model vulnerability tracker live integrationOpen96 days
ACT-045APS.AM-03Application catalogue refresh — tag criticalityOpen111 days
Identity & Access Manager1566%PRO.IR-03 Cur 4 / Tgt 60300 overdue0 weak/none

Controls below target 5

Active Actions 3

ACT-055PRO.AA-03Quarterly access review across Tier-1 systemsIn Progress14 days
ACT-057PRO.IR-03Automate leaver offboarding for SaaSIn Progress49 days
ACT-056PRO.AA-06Just-In-Time access for production adminIn Progress65 days
DPO2470%IDE.DI-03 Cur 5 / Tgt 61200 overdue0 weak/none

Controls below target 7

Active Actions 3

ACT-027PRO.DS-04Implement DLP rules for sensitive personal dataIn Progress49 days
ACT-025IDE.DI-03Complete personal data inventory for cloud appsIn Progress81 days
ACT-026IDE.DI-05Refresh data flow diagrams for customer journeyOpen96 days
CISO6373%GOV.RR-08 Cur 2 / Tgt 66611 overdue12 weak/none

Controls below target 17

Active Actions 13

ACT-004GOV.RR-04Document segregation-of-duties matrixBlocked82 days
ACT-006GOV.AC-02Refresh Accountability & Sanctions PolicyIn Progress14 days
ACT-003GOV.RM-03Update enterprise risk appetite statementIn Progress19 days
ACT-001GOV.OC-01Refresh ISMS Scope & Boundaries document for FY26In Progress34 days
ACT-011RES.GV-01Annual IR Plan review and tabletop scheduleIn Progress34 days
ACT-009PRO.TA-01Run FY26 mandatory security awareness trainingIn Progress50 days
ACT-013APS.GV-03AppSec governance review — DevSecOps maturity modelIn Progress80 days
ACT-059GOV.RM-05Update risk treatment register with Q1 outcomesOpen12 days overdue
ACT-005GOV.PO-02Annual Information Security Policy reviewOpen65 days
ACT-002GOV.LE-02Schedule CEO ISMS commitment statement reviewOpen80 days
ACT-010DET.GV-02Define SOC governance escalation matrixOpen80 days
ACT-012REC.GV-02Business Continuity policy refreshOpen96 days
ACT-008IDE.RA-02Refresh annual risk assessment methodologyOpen111 days
SOC Manager2774%IDE.TM-02 Cur 4 / Tgt 62401 overdue4 weak/none

Controls below target 7

Active Actions 6

ACT-060DET.EA-02Reduce mean time to detect (MTTD) below 12hIn Progress12 days overdue
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMIn Progress34 days
ACT-029DET.DE-02Tune 14 false-positive heavy detectionsIn Progress65 days
ACT-032IDE.TM-02Operationalise threat intel into SIEM correlationIn Progress80 days
ACT-031DET.TH-01Quarterly threat hunt against MITRE T1078 (Valid Accounts)Open50 days
ACT-030DET.LM-03Extend log retention to 13 months for complianceOpen111 days
Business Continuity Manager2080%REC.RV-03 Cur 5 / Tgt 61200 overdue3 weak/none

Controls below target 4

Active Actions 3

ACT-039REC.RV-02Validate backups for 3 Tier-1 systemsIn Progress34 days
ACT-037REC.RP-02Annual DR plan tabletop testIn Progress65 days
ACT-038REC.RO-02Define Tier-1 system RTO targetsOpen96 days
CTO1681%PRO.NS-02 Cur 4 / Tgt 61301 overdue3 weak/none

Controls below target 3

Active Actions 4

ACT-021PRO.VM-04Reduce critical vulnerability SLA breach rate to <5%In Progress49 days
ACT-019PRO.CR-02Migrate legacy crypto to HSM-backed keysIn Progress65 days
ACT-020PRO.NS-03Roll out Zero-Trust network access for contractorsIn Progress111 days
ACT-058PRO.VM-02Patch backlog burn-down for legacy estateOpen27 days overdue
Incident Response Lead2386%RES.PR-01 Cur 5 / Tgt 62110 overdue4 weak/none

Controls below target 3

Active Actions 4

ACT-036RES.AN-02Implement enriched alert triage in SOARBlocked80 days
ACT-033RES.IR-04Refresh ransomware response playbookIn Progress49 days
ACT-034RES.PR-03Update on-call schedule for Q3 2026Open14 days
ACT-035RES.IC-02Crisis communications trainingOpen96 days

Actions

Open remediation actions across the framework. Each action targets a specific Control gap. Bridges the work between “we identified the gap” (Quick Wins, Evidence Watchlist, Below Target) and “we’re fixing it”.

Total Actions
64
Open
23
In Progress
34
Blocked
2
Due This Week
0
Overdue
3
Title
ACT-060DET.EA-02Reduce mean time to detect (MTTD) below 12hSOC ManagerHighIn Progress11 days overdue
Due: 2026-05-30Created: 2026-02-25Ticket: SOC-6035 →
OVERDUE. Currently 18h.
ACT-017PRO.EP-04Push CrowdStrike Falcon to last 1.3% endpointsCIOCriticalIn Progress10 days
Due: 2026-06-20Created: 2026-04-05Ticket: IT-2025 →
On final wave. Targeting 100% by audit prep cutoff.
ACT-006GOV.AC-02Refresh Accountability & Sanctions PolicyCISOCriticalIn Progress15 days
Due: 2026-06-25Created: 2026-04-10Ticket: SEC-1260 →
Stale per Evidence Registry — overdue policy review.
ACT-055PRO.AA-03Quarterly access review across Tier-1 systemsIdentity & Access ManagerCriticalIn Progress15 days
Due: 2026-06-25Created: 2026-04-01Ticket: IAM-12001 →
Risks Treated
Q2 cycle 80% complete. Due before audit.
ACT-003GOV.RM-03Update enterprise risk appetite statementCISOHighIn Progress20 days
Due: 2026-06-30Created: 2026-04-15Ticket: SEC-1245 →
Board input due by 2026-06-25.
ACT-001GOV.OC-01Refresh ISMS Scope & Boundaries document for FY26CISOHighIn Progress35 days
Due: 2026-07-15Created: 2026-04-01Ticket: SEC-1234 →
Stakeholder review on 2026-06-20.
ACT-011RES.GV-01Annual IR Plan review and tabletop scheduleCISOHighIn Progress35 days
Due: 2026-07-15Created: 2026-04-30Ticket: SEC-1290 →
Tabletop with senior leadership team scheduled for 2026-07-10.
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMSOC ManagerHighIn Progress35 days
Due: 2026-07-15Created: 2026-04-25Ticket: SOC-6001 →
AWS, Okta, Slack, GitHub. 2 of 4 onboarded.
ACT-039REC.RV-02Validate backups for 3 Tier-1 systemsBusiness Continuity ManagerHighIn Progress35 days
Due: 2026-07-15Created: 2026-04-20Ticket: BCM-8020 →
Quarterly restore test in progress.
ACT-050AII.AG-02Audit human-in-the-loop checks for high-risk agentsAI Risk LeadCriticalIn Progress35 days
Due: 2026-07-15Created: 2026-04-12Ticket: AIRISK-10020 →
Critical risk per EU AI Act.
ACT-024AII.US-02Acceptable AI use policy rolloutChief AI OfficerHighIn Progress40 days
Due: 2026-07-20Created: 2026-04-22Ticket: AI-4020 →
Rollout via mandatory training.
ACT-014IDE.AM-03Decommission shadow IT asset inventory itemsCIOHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-15Ticket: IT-2001 →
44 unmanaged assets identified.
ACT-021PRO.VM-04Reduce critical vulnerability SLA breach rate to <5%CTOHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-12Ticket: ENG-3120 →
Currently 8%. Automation rollout in progress.
ACT-022AIT.AG-02Vendor AI agent inventory baselineChief AI OfficerHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-30Ticket: AI-4001 →
Manual inventory in progress. 60% complete.
ACT-027PRO.DS-04Implement DLP rules for sensitive personal dataDPOHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-15Ticket: PRIV-5020 →
Risks Treated
Purview DLP policies in tuning.
ACT-033RES.IR-04Refresh ransomware response playbookIncident Response LeadHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-22Ticket: IR-7001 →
Drawing from Q1 2026 tabletop lessons learned.
ACT-046AII.SD-03Secure-by-design checklist for AI feature rolloutsAppSec LeadHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-22Ticket: APPSEC-9040 →
Pilot with one product team.
ACT-051IDE.SC-03Tier vendor portfolio by criticalityVendor Risk ManagerHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-20Ticket: VRM-11001 →
Tier 1 done, Tier 2 underway.
ACT-057PRO.IR-03Automate leaver offboarding for SaaSIdentity & Access ManagerHighIn Progress50 days
Due: 2026-07-30Created: 2026-04-20Ticket: IAM-12020 →
Major SaaS apps in scope.
ACT-009PRO.TA-01Run FY26 mandatory security awareness trainingCISOHighIn Progress51 days
Due: 2026-07-31Created: 2026-04-12Ticket: SEC-1280 →
Risks Treated
KnowBe4 modules being prepared. 70% completion target before audit.
ACT-040APS.SD-04Roll out Snyk SAST to all main repositoriesAppSec LeadHighIn Progress51 days
Due: 2026-07-31Created: 2026-04-25Ticket: APPSEC-9001 →
70% repo coverage.
ACT-019PRO.CR-02Migrate legacy crypto to HSM-backed keysCTOCriticalIn Progress66 days
Due: 2026-08-15Created: 2026-04-01Ticket: ENG-3101 →
Risks Treated
Phase 1 (auth) complete. Phase 2 (data-at-rest) underway.
ACT-029DET.DE-02Tune 14 false-positive heavy detectionsSOC ManagerMediumIn Progress66 days
Due: 2026-08-15Created: 2026-05-10Ticket: SOC-6010 →
ACT-037REC.RP-02Annual DR plan tabletop testBusiness Continuity ManagerHighIn Progress66 days
Due: 2026-08-15Created: 2026-04-15Ticket: BCM-8001 →
Risks Treated
Coordinating with CTO team.
ACT-044APS.TA-02FY26 developer secure coding training rolloutAppSec LeadMediumIn Progress66 days
Due: 2026-08-15Created: 2026-04-30Ticket: APPSEC-9030 →
85% completion so far.
ACT-048AIT.RT-02Risk treatment plan for high-risk AI vendorsAI Risk LeadHighIn Progress66 days
Due: 2026-08-15Created: 2026-04-25Ticket: AIRISK-10001 →
6 of 12 vendors complete.
ACT-056PRO.AA-06Just-In-Time access for production adminIdentity & Access ManagerHighIn Progress66 days
Due: 2026-08-15Created: 2026-04-25Ticket: IAM-12010 →
Risks Treated
Pilot with cloud platform team.
ACT-013APS.GV-03AppSec governance review — DevSecOps maturity modelCISOMediumIn Progress81 days
Due: 2026-08-30Created: 2026-05-15Ticket: SEC-1300 →
ACT-015IDE.AM-05Onboard cloud asset inventory into CMDBCIOMediumIn Progress81 days
Due: 2026-08-30Created: 2026-04-20Ticket: IT-2010 →
Aligning with ServiceNow team.
ACT-032IDE.TM-02Operationalise threat intel into SIEM correlationSOC ManagerMediumIn Progress81 days
Due: 2026-08-30Created: 2026-04-30Ticket: SOC-6030 →
Recorded Future feed live; tuning rules.
ACT-041APS.VM-03Reduce critical AppSec vuln SLA to 14 daysAppSec LeadHighIn Progress81 days
Due: 2026-08-30Created: 2026-04-30Ticket: APPSEC-9010 →
ACT-025IDE.DI-03Complete personal data inventory for cloud appsDPOCriticalIn Progress82 days
Due: 2026-08-31Created: 2026-03-20Ticket: PRIV-5001 →
Discovery via BigID. 80% complete.
ACT-053AIT.AM-02Subcontractor inventory for 8 critical AI vendorsVendor Risk ManagerMediumIn Progress97 days
Due: 2026-09-15Created: 2026-05-15Ticket: VRM-11020 →
ACT-020PRO.NS-03Roll out Zero-Trust network access for contractorsCTOHighIn Progress112 days
Due: 2026-09-30Created: 2026-04-25Ticket: ENG-3110 →
Risks Treated
Pilot complete, expanding to all contractors.
ACT-058PRO.VM-02Patch backlog burn-down for legacy estateCTOCriticalOpen26 days overdue
Due: 2026-05-15Created: 2026-02-01Ticket: ENG-3130 →
Risks Treated
OVERDUE. Escalated to CISO.
ACT-059GOV.RM-05Update risk treatment register with Q1 outcomesCISOMediumOpen11 days overdue
Due: 2026-05-30Created: 2026-02-15Ticket: SEC-1310 →
OVERDUE. Following up with Risk Owners.
ACT-034RES.PR-03Update on-call schedule for Q3 2026Incident Response LeadMediumOpen15 days
Due: 2026-06-25Created: 2026-05-15Ticket: IR-7010 →
ACT-031DET.TH-01Quarterly threat hunt against MITRE T1078 (Valid Accounts)SOC ManagerMediumOpen51 days
Due: 2026-07-31Created: 2026-05-22Ticket: SOC-6025 →
Hunt plan drafted.
ACT-005GOV.PO-02Annual Information Security Policy reviewCISOHighOpen66 days
Due: 2026-08-15Created: 2026-05-01Ticket: SEC-1255 →
Risks Treated
Schedule legal review first.
ACT-023AII.GV-03Internal AI Governance Board charterChief AI OfficerHighOpen66 days
Due: 2026-08-15Created: 2026-05-15Ticket: AI-4010 →
Drafting in progress.
ACT-002GOV.LE-02Schedule CEO ISMS commitment statement reviewCISOMediumOpen81 days
Due: 2026-08-30Created: 2026-05-12Ticket: SEC-1240 →
Add to Q3 CEO 1:1.
ACT-010DET.GV-02Define SOC governance escalation matrixCISOMediumOpen81 days
Due: 2026-08-30Created: 2026-05-22Ticket: SEC-1285 →
ACT-043APS.OP-03Centralise AppSec findings in shared workspaceAppSec LeadMediumOpen81 days
Due: 2026-08-30Created: 2026-05-22Ticket: APPSEC-9025 →
ACT-052AIT.VR-02Refresh vendor security assessment templateVendor Risk ManagerMediumOpen81 days
Due: 2026-08-30Created: 2026-05-10Ticket: VRM-11010 →
ACT-012REC.GV-02Business Continuity policy refreshCISOMediumOpen97 days
Due: 2026-09-15Created: 2026-05-08Ticket: SEC-1295 →
ACT-016PRO.EM-02Implement DKIM/DMARC enforcement on legacy subdomainsCIOMediumOpen97 days
Due: 2026-09-15Created: 2026-05-10Ticket: IT-2018 →
ACT-026IDE.DI-05Refresh data flow diagrams for customer journeyDPOHighOpen97 days
Due: 2026-09-15Created: 2026-05-08Ticket: PRIV-5010 →
ACT-035RES.IC-02Crisis communications trainingIncident Response LeadMediumOpen97 days
Due: 2026-09-15Created: 2026-05-20Ticket: IR-7020 →
Coordinate with Comms team.
ACT-038REC.RO-02Define Tier-1 system RTO targetsBusiness Continuity ManagerHighOpen97 days
Due: 2026-09-15Created: 2026-05-10Ticket: BCM-8010 →
ACT-042APS.SC-02SBOM generation for all production servicesAppSec LeadMediumOpen97 days
Due: 2026-09-15Created: 2026-05-18Ticket: APPSEC-9020 →
ACT-047AII.VM-02AI model vulnerability tracker live integrationAppSec LeadMediumOpen97 days
Due: 2026-09-15Created: 2026-05-15Ticket: APPSEC-9045 →
ACT-008IDE.RA-02Refresh annual risk assessment methodologyCISOMediumOpen112 days
Due: 2026-09-30Created: 2026-05-18Ticket: SEC-1275 →
Schedule with Internal Audit.
ACT-018PRO.PS-02Complete physical access review for HQ + 2 regional officesCIOLowOpen112 days
Due: 2026-09-30Created: 2026-05-25Ticket: IT-2030 →
ACT-030DET.LM-03Extend log retention to 13 months for complianceSOC ManagerHighOpen112 days
Due: 2026-09-30Created: 2026-05-18Ticket: SOC-6020 →
Storage cost approval needed.
ACT-045APS.AM-03Application catalogue refresh — tag criticalityAppSec LeadLowOpen112 days
Due: 2026-09-30Created: 2026-05-25Ticket: APPSEC-9035 →
ACT-049AIT.MO-02Continuous monitoring of vendor AI policy driftAI Risk LeadMediumOpen112 days
Due: 2026-09-30Created: 2026-05-12Ticket: AIRISK-10010 →
ACT-054APS.SC-03Software supplier security baselineVendor Risk ManagerHighOpen112 days
Due: 2026-09-30Created: 2026-05-18Ticket: VRM-11030 →
ACT-036RES.AN-02Implement enriched alert triage in SOARIncident Response LeadMediumBlocked81 days
Due: 2026-08-30Created: 2026-04-30Ticket: IR-7025 →
Blocked on SOAR vendor delivery.
ACT-004GOV.RR-04Document segregation-of-duties matrixCISOMediumBlocked83 days
Due: 2026-09-01Created: 2026-04-20Ticket: SEC-1252 →
Blocked on HR data classification.
ACT-062PRO.DS-02Sign DPA with Tier-1 cloud processorsDPOCriticalCompleteComplete
Due: 2026-04-15Created: 2026-02-01Ticket: PRIV-5030 →
All 8 Tier-1 processors signed.
ACT-061APS.SD-02Move secrets scanning into pre-merge checksAppSec LeadHighCompleteComplete
Due: 2026-04-30Created: 2026-02-15Ticket: APPSEC-9050 →
Live since April. Caught 7 secret leaks in first month.
ACT-063IDE.AM-02Decommission EOL Windows Server 2012R2 instancesCIOCriticalCompleteComplete
Due: 2026-05-01Created: 2026-01-20Ticket: IT-2040 →
Risks Treated
All 22 systems decommissioned ahead of schedule.
ACT-007GOV.OV-03Q3 ISMS Steering Committee agenda templateCISOLowCompleteComplete
Due: 2026-05-15Created: 2026-04-25Ticket: SEC-1268 →
Delivered.
ACT-064PRO.NS-05Implement bespoke DDoS protection in-houseCTOLowCancelledCancelled
Due: 2026-08-15Created: 2026-03-15Ticket: ENG-3140 →
Cancelled — moved to managed Cloudflare instead.

Evidence

Audit-defensible proof per Control — policies, procedures, attestations, telemetry, external audits. Controls render in framework order; apply a filter to focus on a band. Click any row to expand its evidence detail.

Lifecycle alert: 49 evidence items stale; 216 approaching staleness within 30 days.
Stale items have exceeded their per-type refresh cadence (Policy/Procedure/Attestation/External Audit: 365 days; Telemetry: 30 days; Other: 180 days). Approaching items will go stale soon — refresh proactively.
Total Controls
341
Strong
216
Adequate
71
Weak
54
No Evidence Registered
0

Stale Evidence by Owner 49

Owners with stale evidence items, ordered by stale count. Click the per-Owner Export button to download a Markdown report for that Owner.

CISO11 stale items
GOV.OV-06PolicyOversight Policy (GOV.OV-06)85 days overdueOpen →
GOV.AC-01PolicyAccountability Policy (GOV.AC-01)85 days overdueOpen →
GOV.AC-02PolicyAccountability Policy (GOV.AC-02)85 days overdueOpen →
GOV.AC-03PolicyAccountability Policy (GOV.AC-03)85 days overdueOpen →
GOV.AC-04PolicyAccountability Policy (GOV.AC-04)85 days overdueOpen →
PRO.TA-01PolicySecurity Training Policy (PRO.TA-01)85 days overdueOpen →
PRO.TA-02PolicySecurity Training Policy (PRO.TA-02)85 days overdueOpen →
PRO.TA-03PolicySecurity Training Policy (PRO.TA-03)85 days overdueOpen →
PRO.TA-04PolicySecurity Training Policy (PRO.TA-04)85 days overdueOpen →
PRO.TA-05PolicySecurity Training Policy (PRO.TA-05)85 days overdueOpen →
PRO.TA-06PolicySecurity Training Policy (PRO.TA-06)85 days overdueOpen →
AI Risk Lead6 stale items
AIT.IR-03PolicyAI Vendor Incident Response Policy (AIT.IR-03)85 days overdueOpen →
AIT.RT-01PolicyAI Vendor Risk Treatment Policy (AIT.RT-01)85 days overdueOpen →
AIT.RT-02PolicyAI Vendor Risk Treatment Policy (AIT.RT-02)85 days overdueOpen →
AIT.RT-03PolicyAI Vendor Risk Treatment Policy (AIT.RT-03)85 days overdueOpen →
AII.AG-04PolicyInternal AI Agents Policy (AII.AG-04)85 days overdueOpen →
AII.AG-05PolicyInternal AI Agents Policy (AII.AG-05)85 days overdueOpen →
AppSec Lead6 stale items
APS.OP-02PolicyAppSec Operations Policy (APS.OP-02)85 days overdueOpen →
APS.OP-03PolicyAppSec Operations Policy (APS.OP-03)85 days overdueOpen →
APS.OP-04PolicyAppSec Operations Policy (APS.OP-04)85 days overdueOpen →
APS.OP-05PolicyAppSec Operations Policy (APS.OP-05)85 days overdueOpen →
APS.TA-01PolicyAppSec Training Policy (APS.TA-01)85 days overdueOpen →
APS.TA-02PolicyAppSec Training Policy (APS.TA-02)85 days overdueOpen →
Chief AI Officer6 stale items
AII.TA-01PolicyAI Awareness Training Policy (AII.TA-01)85 days overdueOpen →
AII.TA-02PolicyAI Awareness Training Policy (AII.TA-02)85 days overdueOpen →
AII.US-01PolicyInternal AI Use Policy (AII.US-01)85 days overdueOpen →
AII.US-02PolicyInternal AI Use Policy (AII.US-02)85 days overdueOpen →
AII.US-03PolicyInternal AI Use Policy (AII.US-03)85 days overdueOpen →
AII.US-04PolicyInternal AI Use Policy (AII.US-04)85 days overdueOpen →
Vendor Risk Manager6 stale items
IDE.SC-02PolicySupply Chain Policy (IDE.SC-02)85 days overdueOpen →
IDE.SC-03PolicySupply Chain Policy (IDE.SC-03)85 days overdueOpen →
IDE.SC-04PolicySupply Chain Policy (IDE.SC-04)85 days overdueOpen →
IDE.SC-05PolicySupply Chain Policy (IDE.SC-05)85 days overdueOpen →
IDE.SC-06PolicySupply Chain Policy (IDE.SC-06)85 days overdueOpen →
IDE.SC-07PolicySupply Chain Policy (IDE.SC-07)85 days overdueOpen →
Incident Response Lead4 stale items
RES.IC-05PolicyCrisis Communications Policy (RES.IC-05)85 days overdueOpen →
RES.LL-01PolicyLessons Learned Policy (RES.LL-01)85 days overdueOpen →
RES.LL-02PolicyLessons Learned Policy (RES.LL-02)85 days overdueOpen →
RES.LL-03PolicyLessons Learned Policy (RES.LL-03)85 days overdueOpen →
SOC Manager4 stale items
DET.EA-04PolicyEvent Analysis Policy (DET.EA-04)85 days overdueOpen →
DET.TH-01PolicyThreat Hunting Policy (DET.TH-01)85 days overdueOpen →
DET.TH-02PolicyThreat Hunting Policy (DET.TH-02)85 days overdueOpen →
DET.TH-03PolicyThreat Hunting Policy (DET.TH-03)85 days overdueOpen →
Business Continuity Manager3 stale items
REC.LL-01PolicyRecovery Lessons Policy (REC.LL-01)85 days overdueOpen →
REC.LL-02PolicyRecovery Lessons Policy (REC.LL-02)85 days overdueOpen →
REC.LL-03PolicyRecovery Lessons Policy (REC.LL-03)85 days overdueOpen →
CTO3 stale items
PRO.VM-04PolicyVulnerability Management Policy (PRO.VM-04)85 days overdueOpen →
PRO.VM-05PolicyVulnerability Management Policy (PRO.VM-05)85 days overdueOpen →
PRO.VM-06PolicyVulnerability Management Policy (PRO.VM-06)85 days overdueOpen →

Controls Worklist 341

All Controls — Click any row for evidence detail.

StrongGOV.OC-01ISMS scope is definedGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyISMS Scope Policy (GOV.OC-01)2026-04-11305 days freshOpen →
ProcedureISMS Scope Procedure (GOV.OC-01)2026-03-12275 days freshOpen →
AttestationFY26 ISMS Scope Attestation2026-02-10245 days freshOpen →
TelemetryISMS Scope Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.OC-02Internal and external issues relevant to information…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyISMS Scope Policy (GOV.OC-02)2025-12-12185 days freshOpen →
ProcedureISMS Scope Procedure (GOV.OC-02)2025-10-13125 days freshOpen →
AttestationFY26 ISMS Scope Attestation2025-08-1465 days freshOpen →
TelemetryISMS Scope Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.OC-03Interested partiesGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyISMS Scope Policy (GOV.OC-03)2026-04-11305 days freshOpen →
ProcedureISMS Scope Procedure (GOV.OC-03)2026-03-12275 days freshOpen →
AttestationFY26 ISMS Scope Attestation2026-02-10245 days freshOpen →
TelemetryISMS Scope Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.OC-04Critical dependencies and mission-critical capabilities are…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyISMS Scope Policy (GOV.OC-04)2025-12-12185 days freshOpen →
ProcedureISMS Scope Procedure (GOV.OC-04)2025-10-13125 days freshOpen →
AttestationFY26 ISMS Scope Attestation2025-08-1465 days freshOpen →
TelemetryISMS Scope Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.LE-01A legal, statutory, regulatory, and contractual…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyLeadership Commitment Policy (GOV.LE-01)2026-04-11305 days freshOpen →
ProcedureLeadership Commitment Procedure (GOV.LE-01)2026-03-12275 days freshOpen →
AttestationFY26 Leadership Commitment Attestation2026-02-10245 days freshOpen →
TelemetryLeadership Commitment Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.LE-02Regulatory engagementGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyLeadership Commitment Policy (GOV.LE-02)2025-12-12185 days freshOpen →
ProcedureLeadership Commitment Procedure (GOV.LE-02)2025-10-13125 days freshOpen →
AttestationFY26 Leadership Commitment Attestation2025-08-1465 days freshOpen →
TelemetryLeadership Commitment Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.LE-03Intellectual property rightsGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyLeadership Commitment Policy (GOV.LE-03)2026-04-11305 days freshOpen →
ProcedureLeadership Commitment Procedure (GOV.LE-03)2026-03-12275 days freshOpen →
AttestationFY26 Leadership Commitment Attestation2026-02-10245 days freshOpen →
TelemetryLeadership Commitment Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.LE-04Records and information lifecycle obligationsGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyLeadership Commitment Policy (GOV.LE-04)2025-12-12185 days freshOpen →
ProcedureLeadership Commitment Procedure (GOV.LE-04)2025-10-13125 days freshOpen →
AttestationFY26 Leadership Commitment Attestation2025-08-1465 days freshOpen →
TelemetryLeadership Commitment Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RM-01Information security risk management methodology and…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Management Policy (GOV.RM-01)2026-04-11305 days freshOpen →
ProcedureRisk Management Procedure (GOV.RM-01)2026-03-12275 days freshOpen →
AttestationFY26 Risk Management Attestation2026-02-10245 days freshOpen →
TelemetryRisk Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RM-02Information security risk appetite and risk tolerance are…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Management Policy (GOV.RM-02)2025-12-12185 days freshOpen →
ProcedureRisk Management Procedure (GOV.RM-02)2025-10-13125 days freshOpen →
AttestationFY26 Risk Management Attestation2025-08-1465 days freshOpen →
TelemetryRisk Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RM-03Information security risks are identifiedGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Management Policy (GOV.RM-03)2026-04-11305 days freshOpen →
ProcedureRisk Management Procedure (GOV.RM-03)2026-03-12275 days freshOpen →
AttestationFY26 Risk Management Attestation2026-02-10245 days freshOpen →
TelemetryRisk Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RM-04Risk treatment optionsGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Management Policy (GOV.RM-04)2025-12-12185 days freshOpen →
ProcedureRisk Management Procedure (GOV.RM-04)2025-10-13125 days freshOpen →
AttestationFY26 Risk Management Attestation2025-08-1465 days freshOpen →
TelemetryRisk Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RM-05Information security risk management is integrated with…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Management Policy (GOV.RM-05)2026-04-11305 days freshOpen →
ProcedureRisk Management Procedure (GOV.RM-05)2026-03-12275 days freshOpen →
AttestationFY26 Risk Management Attestation2026-02-10245 days freshOpen →
TelemetryRisk Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RR-01Information security leadershipGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-01)2025-12-12185 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-01)2025-10-13125 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2025-08-1465 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RR-02Information security roles and responsibilities for Company…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-02)2026-04-11305 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-02)2026-03-12275 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2026-02-10245 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RR-03Segregation of duties for security-sensitive activities is…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-03)2025-12-12185 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-03)2025-10-13125 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2025-08-1465 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RR-04Personnel screening commensurate with role sensitivity is…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-04)2026-04-11305 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-04)2026-03-12275 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2026-02-10245 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RR-05Confidentiality and non-disclosure obligations are…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-05)2025-12-12185 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-05)2025-10-13125 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2025-08-1465 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.RR-06Workforce conduct expectations and the disciplinary process…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-06)2026-04-11305 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-06)2026-03-12275 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2026-02-10245 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.RR-07Personnel onboardingGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRoles & Responsibilities Policy (GOV.RR-07)2025-12-12185 days freshOpen →
ProcedureRoles & Responsibilities Procedure (GOV.RR-07)2025-10-13125 days freshOpen →
AttestationFY26 Roles & Responsibilities Attestation2025-08-1465 days freshOpen →
TelemetryRoles & Responsibilities Monitoring Dashboard2026-06-0828 days to staleOpen →
WeakGOV.RR-08A cross-functional AI governance forum is established with…GovernCISO2 items
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, Other
Policy(Placeholder) AI Governance Forum Charter — GOV.RR-082026-06-14369 days fresh
Placeholder — replace with the AI governance forum's terms of reference / charter document once defined.
Policy(Placeholder) AI Governance Forum Charter — GOV.RR-082026-06-14369 days fresh
Placeholder — replace with the AI governance forum's terms of reference.
StrongGOV.PO-01Information security policy architectureGovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPolicy Framework Policy (GOV.PO-01)2026-04-11305 days freshOpen →
ProcedurePolicy Framework Procedure (GOV.PO-01)2026-03-12275 days freshOpen →
AttestationFY26 Policy Framework Attestation2026-02-10245 days freshOpen →
TelemetryPolicy Framework Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.PO-02Information security policies and supporting documents are…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPolicy Framework Policy (GOV.PO-02)2025-12-12185 days freshOpen →
ProcedurePolicy Framework Procedure (GOV.PO-02)2025-10-13125 days freshOpen →
AttestationFY26 Policy Framework Attestation2025-08-1465 days freshOpen →
TelemetryPolicy Framework Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongGOV.PO-03Information security policies are communicated to personnel…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPolicy Framework Policy (GOV.PO-03)2026-04-11305 days freshOpen →
ProcedurePolicy Framework Procedure (GOV.PO-03)2026-03-12275 days freshOpen →
AttestationFY26 Policy Framework Attestation2026-02-10245 days freshOpen →
TelemetryPolicy Framework Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongGOV.PO-04Exceptions to information security policies are formally…GovernCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPolicy Framework Policy (GOV.PO-04)2025-12-12185 days freshOpen →
ProcedurePolicy Framework Procedure (GOV.PO-04)2025-10-13125 days freshOpen →
AttestationFY26 Policy Framework Attestation2025-08-1465 days freshOpen →
TelemetryPolicy Framework Monitoring Dashboard2026-06-0828 days to staleOpen →
AdequateGOV.RE-01Information security resourcing requirementsGovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyResourcing Policy (GOV.RE-01)2026-04-11305 days freshOpen →
ProcedureResourcing Procedure (GOV.RE-01)2026-03-12275 days freshOpen →
AdequateGOV.RE-02Competence requirements for information security personnel…GovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyResourcing Policy (GOV.RE-02)2026-02-10245 days freshOpen →
ProcedureResourcing Procedure (GOV.RE-02)2025-12-12185 days freshOpen →
AdequateGOV.RE-03External expertiseGovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyResourcing Policy (GOV.RE-03)2025-10-13125 days freshOpen →
ProcedureResourcing Procedure (GOV.RE-03)2025-08-1465 days freshOpen →
AdequateGOV.OV-01Information security key performance and key risk…GovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyOversight Policy (GOV.OV-01)2026-04-11305 days freshOpen →
ProcedureOversight Procedure (GOV.OV-01)2026-03-12275 days freshOpen →
AdequateGOV.OV-02ISMS performance is evaluated against defined objectivesGovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyOversight Policy (GOV.OV-02)2026-02-10245 days freshOpen →
ProcedureOversight Procedure (GOV.OV-02)2025-12-12185 days freshOpen →
AdequateGOV.OV-03Board of Directors and Executive Team are updated on…GovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyOversight Policy (GOV.OV-03)2025-10-13125 days freshOpen →
ProcedureOversight Procedure (GOV.OV-03)2025-08-1465 days freshOpen →
AdequateGOV.OV-04Management review of the ISMS is conducted at defined…GovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyOversight Policy (GOV.OV-04)2026-04-11305 days freshOpen →
ProcedureOversight Procedure (GOV.OV-04)2026-03-12275 days freshOpen →
AdequateGOV.OV-05Continual improvement of the ISMS is governed through…GovernCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyOversight Policy (GOV.OV-05)2026-02-10245 days freshOpen →
ProcedureOversight Procedure (GOV.OV-05)2025-12-12185 days freshOpen →
WeakGOV.OV-06Per-Control maturity is scored against the Company's…GovernCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyOversight Policy (GOV.OV-06)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakGOV.AC-01Internal audit programme for the ISMS is established with…GovernCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAccountability Policy (GOV.AC-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakGOV.AC-02Independent reviews of information security are conducted…GovernCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAccountability Policy (GOV.AC-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakGOV.AC-03External audits and certification assessmentsGovernCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAccountability Policy (GOV.AC-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakGOV.AC-04Audit findings, observations, and recommendations are…GovernCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAccountability Policy (GOV.AC-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongIDE.AM-01Asset management policyIdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-01)2025-10-13125 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-01)2025-08-1465 days freshOpen →
AttestationFY26 Asset Management Attestation2026-04-11305 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.AM-02Assets are classified using the Company's classification…IdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-02)2026-03-12275 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-02)2026-02-10245 days freshOpen →
AttestationFY26 Asset Management Attestation2025-12-12185 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.AM-03Service assets — including domain management, cloud…IdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-03)2025-10-13125 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-03)2025-08-1465 days freshOpen →
AttestationFY26 Asset Management Attestation2026-04-11305 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.AM-04Application assetsIdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-04)2026-03-12275 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-04)2026-02-10245 days freshOpen →
AttestationFY26 Asset Management Attestation2025-12-12185 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.AM-05Network assets — including network components, segments…IdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-05)2025-10-13125 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-05)2025-08-1465 days freshOpen →
AttestationFY26 Asset Management Attestation2026-04-11305 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.AM-06Endpoint assets — including company-managed devices — are…IdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-06)2026-03-12275 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-06)2026-02-10245 days freshOpen →
AttestationFY26 Asset Management Attestation2025-12-12185 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.AM-07Asset integrationsIdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-07)2025-10-13125 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-07)2025-08-1465 days freshOpen →
AttestationFY26 Asset Management Attestation2026-04-11305 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.AM-08Assets are managed throughout their lifecycleIdentifyCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAsset Management Policy (IDE.AM-08)2026-03-12275 days freshOpen →
ProcedureAsset Management Procedure (IDE.AM-08)2026-02-10245 days freshOpen →
AttestationFY26 Asset Management Attestation2025-12-12185 days freshOpen →
TelemetryAsset Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.DI-01Data inventory and records of processing policyIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-01)2025-10-13125 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-01)2025-08-1465 days freshOpen →
AttestationFY26 Data Inventory Attestation2026-04-11305 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.DI-02Data assets are inventoried by categoryIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-02)2026-03-12275 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-02)2026-02-10245 days freshOpen →
AttestationFY26 Data Inventory Attestation2025-12-12185 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.DI-03Personal data and special-category data are identifiedIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-03)2025-10-13125 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-03)2025-08-1465 days freshOpen →
AttestationFY26 Data Inventory Attestation2026-04-11305 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.DI-04Records of processing activitiesIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-04)2026-03-12275 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-04)2026-02-10245 days freshOpen →
AttestationFY26 Data Inventory Attestation2025-12-12185 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.DI-05Data flows across the asset estateIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-05)2025-10-13125 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-05)2025-08-1465 days freshOpen →
AttestationFY26 Data Inventory Attestation2026-04-11305 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.DI-06Data discovery activities are performed to detect…IdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Inventory Policy (IDE.DI-06)2026-03-12275 days freshOpen →
ProcedureData Inventory Procedure (IDE.DI-06)2026-02-10245 days freshOpen →
AttestationFY26 Data Inventory Attestation2025-12-12185 days freshOpen →
TelemetryData Inventory Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.BI-01Business impact analysis policyIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyBusiness Information Policy (IDE.BI-01)2025-10-13125 days freshOpen →
ProcedureBusiness Information Procedure (IDE.BI-01)2025-08-1465 days freshOpen →
AttestationFY26 Business Information Attestation2026-04-11305 days freshOpen →
TelemetryBusiness Information Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.BI-02Critical business functions and the assetsIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyBusiness Information Policy (IDE.BI-02)2026-03-12275 days freshOpen →
ProcedureBusiness Information Procedure (IDE.BI-02)2026-02-10245 days freshOpen →
AttestationFY26 Business Information Attestation2025-12-12185 days freshOpen →
TelemetryBusiness Information Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.BI-03Crown-jewel assetsIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyBusiness Information Policy (IDE.BI-03)2025-10-13125 days freshOpen →
ProcedureBusiness Information Procedure (IDE.BI-03)2025-08-1465 days freshOpen →
AttestationFY26 Business Information Attestation2026-04-11305 days freshOpen →
TelemetryBusiness Information Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.BI-04Business impact tolerancesIdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyBusiness Information Policy (IDE.BI-04)2026-03-12275 days freshOpen →
ProcedureBusiness Information Procedure (IDE.BI-04)2026-02-10245 days freshOpen →
AttestationFY26 Business Information Attestation2025-12-12185 days freshOpen →
TelemetryBusiness Information Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.BI-05Business impact analysis outputs inform protection…IdentifyDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyBusiness Information Policy (IDE.BI-05)2025-10-13125 days freshOpen →
ProcedureBusiness Information Procedure (IDE.BI-05)2025-08-1465 days freshOpen →
AttestationFY26 Business Information Attestation2026-04-11305 days freshOpen →
TelemetryBusiness Information Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.ES-01External attack surface management policyIdentifyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyExternal Stakeholders Policy (IDE.ES-01)2026-03-12275 days freshOpen →
ProcedureExternal Stakeholders Procedure (IDE.ES-01)2026-02-10245 days freshOpen →
AttestationFY26 External Stakeholders Attestation2025-12-12185 days freshOpen →
TelemetryExternal Stakeholders Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.ES-02Internet-exposed assetsIdentifyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyExternal Stakeholders Policy (IDE.ES-02)2025-10-13125 days freshOpen →
ProcedureExternal Stakeholders Procedure (IDE.ES-02)2025-08-1465 days freshOpen →
AttestationFY26 External Stakeholders Attestation2026-04-11305 days freshOpen →
TelemetryExternal Stakeholders Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.ES-03Shadow IT and unmanaged assets are detected and reconciled…IdentifyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyExternal Stakeholders Policy (IDE.ES-03)2026-03-12275 days freshOpen →
ProcedureExternal Stakeholders Procedure (IDE.ES-03)2026-02-10245 days freshOpen →
AttestationFY26 External Stakeholders Attestation2025-12-12185 days freshOpen →
TelemetryExternal Stakeholders Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.ES-04Brand-related external exposureIdentifyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyExternal Stakeholders Policy (IDE.ES-04)2025-10-13125 days freshOpen →
ProcedureExternal Stakeholders Procedure (IDE.ES-04)2025-08-1465 days freshOpen →
AttestationFY26 External Stakeholders Attestation2026-04-11305 days freshOpen →
TelemetryExternal Stakeholders Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.ES-05External attack surface findings are prioritisedIdentifyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyExternal Stakeholders Policy (IDE.ES-05)2026-03-12275 days freshOpen →
ProcedureExternal Stakeholders Procedure (IDE.ES-05)2026-02-10245 days freshOpen →
AttestationFY26 External Stakeholders Attestation2025-12-12185 days freshOpen →
TelemetryExternal Stakeholders Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongIDE.RA-01The information security risk assessment programmeIdentifyCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Assessment Policy (IDE.RA-01)2025-10-13125 days freshOpen →
ProcedureRisk Assessment Procedure (IDE.RA-01)2025-08-1465 days freshOpen →
AttestationFY26 Risk Assessment Attestation2026-04-11305 days freshOpen →
TelemetryRisk Assessment Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongIDE.RA-02Threat inputs from IDE.TMIdentifyCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRisk Assessment Policy (IDE.RA-02)2026-03-12275 days freshOpen →
ProcedureRisk Assessment Procedure (IDE.RA-02)2026-02-10245 days freshOpen →
AttestationFY26 Risk Assessment Attestation2025-12-12185 days freshOpen →
TelemetryRisk Assessment Monitoring Dashboard2026-06-0828 days to staleOpen →
AdequateIDE.RA-03Information security risks are analysed for likelihood and…IdentifyCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRisk Assessment Policy (IDE.RA-03)2025-10-13125 days freshOpen →
ProcedureRisk Assessment Procedure (IDE.RA-03)2025-08-1465 days freshOpen →
AdequateIDE.RA-04Project-level, change-level, and onboarding-level risk…IdentifyCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRisk Assessment Policy (IDE.RA-04)2026-04-11305 days freshOpen →
ProcedureRisk Assessment Procedure (IDE.RA-04)2026-03-12275 days freshOpen →
AdequateIDE.RA-05Risk assessment outputs are recordedIdentifyCISO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRisk Assessment Policy (IDE.RA-05)2026-02-10245 days freshOpen →
ProcedureRisk Assessment Procedure (IDE.RA-05)2025-12-12185 days freshOpen →
AdequateIDE.TM-01Threat management policyIdentifySOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyThreat Management Policy (IDE.TM-01)2025-10-13125 days freshOpen →
ProcedureThreat Management Procedure (IDE.TM-01)2025-08-1465 days freshOpen →
AdequateIDE.TM-02External and internal threat intelligence is collected from…IdentifySOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyThreat Management Policy (IDE.TM-02)2026-04-11305 days freshOpen →
ProcedureThreat Management Procedure (IDE.TM-02)2026-03-12275 days freshOpen →
AdequateIDE.TM-03The threat landscape and threat actor profile relevant to…IdentifySOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyThreat Management Policy (IDE.TM-03)2026-02-10245 days freshOpen →
ProcedureThreat Management Procedure (IDE.TM-03)2025-12-12185 days freshOpen →
AdequateIDE.TM-04AI-specific threat intelligence sourcesIdentifySOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyThreat Management Policy (IDE.TM-04)2025-10-13125 days freshOpen →
ProcedureThreat Management Procedure (IDE.TM-04)2025-08-1465 days freshOpen →
AdequateIDE.TM-05Threat intelligence outputs are disseminated to risk…IdentifySOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyThreat Management Policy (IDE.TM-05)2026-04-11305 days freshOpen →
ProcedureThreat Management Procedure (IDE.TM-05)2026-03-12275 days freshOpen →
AdequateIDE.SC-01Supply chain risk management policyIdentifyVendor Risk Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicySupply Chain Policy (IDE.SC-01)2026-02-10245 days freshOpen →
ProcedureSupply Chain Procedure (IDE.SC-01)2025-12-12185 days freshOpen →
WeakIDE.SC-02Suppliers and other third parties are inventoriedIdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakIDE.SC-03Pre-engagement supplier due diligenceIdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakIDE.SC-04Supplier contracts and onboarding establish information…IdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakIDE.SC-05Supplier security posture is monitored throughout the…IdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakIDE.SC-06Supplier termination and offboarding are governed by…IdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-06)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakIDE.SC-07Supply chain risk management outcomes inform improvement of…IdentifyVendor Risk Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySupply Chain Policy (IDE.SC-07)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongPRO.AA-01Identity and access management policyProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-01)2025-10-13125 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-01)2025-08-1465 days freshOpen →
AttestationFY26 Auth & Access Attestation2026-04-11305 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.AA-02Identities are managed throughout their lifecycleProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-02)2026-03-12275 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-02)2026-02-10245 days freshOpen →
AttestationFY26 Auth & Access Attestation2025-12-12185 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.AA-03Authentication mechanisms are commensurate with sensitivityProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-03)2025-10-13125 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-03)2025-08-1465 days freshOpen →
AttestationFY26 Auth & Access Attestation2026-04-11305 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.AA-04Access is granted on the principles of least privilege and…ProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-04)2026-03-12275 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-04)2026-02-10245 days freshOpen →
AttestationFY26 Auth & Access Attestation2025-12-12185 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.AA-05Privileged access is governed under additional safeguardsProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-05)2025-10-13125 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-05)2025-08-1465 days freshOpen →
AttestationFY26 Auth & Access Attestation2026-04-11305 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.AA-06Federated identityProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-06)2026-03-12275 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-06)2026-02-10245 days freshOpen →
AttestationFY26 Auth & Access Attestation2025-12-12185 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.AA-07Authentication credentialsProtectIdentity & Access Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAuth & Access Policy (PRO.AA-07)2025-10-13125 days freshOpen →
ProcedureAuth & Access Procedure (PRO.AA-07)2025-08-1465 days freshOpen →
AttestationFY26 Auth & Access Attestation2026-04-11305 days freshOpen →
TelemetryAuth & Access Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.DS-01Data security policyProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-01)2026-03-12275 days freshOpen →
ProcedureData Security Procedure (PRO.DS-01)2026-02-10245 days freshOpen →
AttestationFY26 Data Security Attestation2025-12-12185 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.DS-02Data handling requirements per classificationProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-02)2025-10-13125 days freshOpen →
ProcedureData Security Procedure (PRO.DS-02)2025-08-1465 days freshOpen →
AttestationFY26 Data Security Attestation2026-04-11305 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.DS-03Data at rest is protected through encryption proportionate…ProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-03)2026-03-12275 days freshOpen →
ProcedureData Security Procedure (PRO.DS-03)2026-02-10245 days freshOpen →
AttestationFY26 Data Security Attestation2025-12-12185 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.DS-04Data in transit is protected through encryption…ProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-04)2025-10-13125 days freshOpen →
ProcedureData Security Procedure (PRO.DS-04)2025-08-1465 days freshOpen →
AttestationFY26 Data Security Attestation2026-04-11305 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.DS-05Data leakage prevention is applied across endpointsProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-05)2026-03-12275 days freshOpen →
ProcedureData Security Procedure (PRO.DS-05)2026-02-10245 days freshOpen →
AttestationFY26 Data Security Attestation2025-12-12185 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.DS-06Data masking, pseudonymisation, and tokenisation are…ProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-06)2025-10-13125 days freshOpen →
ProcedureData Security Procedure (PRO.DS-06)2025-08-1465 days freshOpen →
AttestationFY26 Data Security Attestation2026-04-11305 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.DS-07Data retention, archival, and lawful disposal are governed…ProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-07)2026-03-12275 days freshOpen →
ProcedureData Security Procedure (PRO.DS-07)2026-02-10245 days freshOpen →
AttestationFY26 Data Security Attestation2025-12-12185 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.DS-08Data backup is performedProtectDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyData Security Policy (PRO.DS-08)2025-10-13125 days freshOpen →
ProcedureData Security Procedure (PRO.DS-08)2025-08-1465 days freshOpen →
AttestationFY26 Data Security Attestation2026-04-11305 days freshOpen →
TelemetryData Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.CR-01Cryptography policyProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyCryptography Policy (PRO.CR-01)2026-03-12275 days freshOpen →
ProcedureCryptography Procedure (PRO.CR-01)2026-02-10245 days freshOpen →
AttestationFY26 Cryptography Attestation2025-12-12185 days freshOpen →
TelemetryCryptography Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.CR-02Cryptographic algorithmsProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyCryptography Policy (PRO.CR-02)2025-10-13125 days freshOpen →
ProcedureCryptography Procedure (PRO.CR-02)2025-08-1465 days freshOpen →
AttestationFY26 Cryptography Attestation2026-04-11305 days freshOpen →
TelemetryCryptography Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.CR-03Key management — generation, storage, distribution…ProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyCryptography Policy (PRO.CR-03)2026-03-12275 days freshOpen →
ProcedureCryptography Procedure (PRO.CR-03)2026-02-10245 days freshOpen →
AttestationFY26 Cryptography Attestation2025-12-12185 days freshOpen →
TelemetryCryptography Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.CR-04Public key infrastructure and digital certificates are…ProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyCryptography Policy (PRO.CR-04)2025-10-13125 days freshOpen →
ProcedureCryptography Procedure (PRO.CR-04)2025-08-1465 days freshOpen →
AttestationFY26 Cryptography Attestation2026-04-11305 days freshOpen →
TelemetryCryptography Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.CR-05Cryptographic agility and post-quantum readiness are…ProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyCryptography Policy (PRO.CR-05)2026-03-12275 days freshOpen →
ProcedureCryptography Procedure (PRO.CR-05)2026-02-10245 days freshOpen →
AttestationFY26 Cryptography Attestation2025-12-12185 days freshOpen →
TelemetryCryptography Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.PS-01Platform and configuration security policyProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-01)2025-10-13125 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-01)2025-08-1465 days freshOpen →
AttestationFY26 Physical Security Attestation2026-04-11305 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.PS-02Operating system and platform configurations are hardened…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-02)2026-03-12275 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-02)2026-02-10245 days freshOpen →
AttestationFY26 Physical Security Attestation2025-12-12185 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.PS-03Cloud platform and SaaS configurations are governed under…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-03)2025-10-13125 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-03)2025-08-1465 days freshOpen →
AttestationFY26 Physical Security Attestation2026-04-11305 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.PS-04Software installationProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-04)2026-03-12275 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-04)2026-02-10245 days freshOpen →
AttestationFY26 Physical Security Attestation2025-12-12185 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.PS-05Configuration changes to platforms and infrastructure are…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-05)2025-10-13125 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-05)2025-08-1465 days freshOpen →
AttestationFY26 Physical Security Attestation2026-04-11305 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.PS-06Anti-malware and platform-level threat protection are…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyPhysical Security Policy (PRO.PS-06)2026-03-12275 days freshOpen →
ProcedurePhysical Security Procedure (PRO.PS-06)2026-02-10245 days freshOpen →
AttestationFY26 Physical Security Attestation2025-12-12185 days freshOpen →
TelemetryPhysical Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.NS-01Network security policyProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyNetwork Security Policy (PRO.NS-01)2025-10-13125 days freshOpen →
ProcedureNetwork Security Procedure (PRO.NS-01)2025-08-1465 days freshOpen →
AttestationFY26 Network Security Attestation2026-04-11305 days freshOpen →
TelemetryNetwork Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.NS-02Network segmentation isolates environmentsProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyNetwork Security Policy (PRO.NS-02)2026-03-12275 days freshOpen →
ProcedureNetwork Security Procedure (PRO.NS-02)2026-02-10245 days freshOpen →
AttestationFY26 Network Security Attestation2025-12-12185 days freshOpen →
TelemetryNetwork Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.NS-03Perimeter protectionProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyNetwork Security Policy (PRO.NS-03)2025-10-13125 days freshOpen →
ProcedureNetwork Security Procedure (PRO.NS-03)2025-08-1465 days freshOpen →
AttestationFY26 Network Security Attestation2026-04-11305 days freshOpen →
TelemetryNetwork Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.NS-04Domain Name SystemProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyNetwork Security Policy (PRO.NS-04)2026-03-12275 days freshOpen →
ProcedureNetwork Security Procedure (PRO.NS-04)2026-02-10245 days freshOpen →
AttestationFY26 Network Security Attestation2025-12-12185 days freshOpen →
TelemetryNetwork Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.NS-05Remote access and VPN are governed under defined standardsProtectCTO4 items
4 of 6 typesMissing: External Audit, Other
PolicyNetwork Security Policy (PRO.NS-05)2025-10-13125 days freshOpen →
ProcedureNetwork Security Procedure (PRO.NS-05)2025-08-1465 days freshOpen →
AttestationFY26 Network Security Attestation2026-04-11305 days freshOpen →
TelemetryNetwork Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.EM-01Email and messaging security policyProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEmail Security Policy (PRO.EM-01)2026-03-12275 days freshOpen →
ProcedureEmail Security Procedure (PRO.EM-01)2026-02-10245 days freshOpen →
AttestationFY26 Email Security Attestation2025-12-12185 days freshOpen →
TelemetryEmail Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.EM-02Email security serviceProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEmail Security Policy (PRO.EM-02)2025-10-13125 days freshOpen →
ProcedureEmail Security Procedure (PRO.EM-02)2025-08-1465 days freshOpen →
AttestationFY26 Email Security Attestation2026-04-11305 days freshOpen →
TelemetryEmail Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.EM-03Email protocol-level safeguardsProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEmail Security Policy (PRO.EM-03)2026-03-12275 days freshOpen →
ProcedureEmail Security Procedure (PRO.EM-03)2026-02-10245 days freshOpen →
AttestationFY26 Email Security Attestation2025-12-12185 days freshOpen →
TelemetryEmail Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.EM-04Messaging and collaboration platform securityProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEmail Security Policy (PRO.EM-04)2025-10-13125 days freshOpen →
ProcedureEmail Security Procedure (PRO.EM-04)2025-08-1465 days freshOpen →
AttestationFY26 Email Security Attestation2026-04-11305 days freshOpen →
TelemetryEmail Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.EM-05Impersonation, lookalike-domain, and brand-related email…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEmail Security Policy (PRO.EM-05)2026-03-12275 days freshOpen →
ProcedureEmail Security Procedure (PRO.EM-05)2026-02-10245 days freshOpen →
AttestationFY26 Email Security Attestation2025-12-12185 days freshOpen →
TelemetryEmail Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.EP-01Endpoint security policyProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEndpoint Protection Policy (PRO.EP-01)2025-10-13125 days freshOpen →
ProcedureEndpoint Protection Procedure (PRO.EP-01)2025-08-1465 days freshOpen →
AttestationFY26 Endpoint Protection Attestation2026-04-11305 days freshOpen →
TelemetryEndpoint Protection Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongPRO.EP-02Endpoint protectionProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEndpoint Protection Policy (PRO.EP-02)2026-03-12275 days freshOpen →
ProcedureEndpoint Protection Procedure (PRO.EP-02)2026-02-10245 days freshOpen →
AttestationFY26 Endpoint Protection Attestation2025-12-12185 days freshOpen →
TelemetryEndpoint Protection Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongPRO.EP-03Mobile device management is applied to company-managed and…ProtectCIO4 items
4 of 6 typesMissing: External Audit, Other
PolicyEndpoint Protection Policy (PRO.EP-03)2025-10-13125 days freshOpen →
ProcedureEndpoint Protection Procedure (PRO.EP-03)2025-08-1465 days freshOpen →
AttestationFY26 Endpoint Protection Attestation2026-04-11305 days freshOpen →
TelemetryEndpoint Protection Monitoring Dashboard2026-05-2615 days to staleOpen →
AdequatePRO.EP-04Endpoint encryption is applied to in-scope devices…ProtectCIO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyEndpoint Protection Policy (PRO.EP-04)2026-03-12275 days freshOpen →
ProcedureEndpoint Protection Procedure (PRO.EP-04)2026-02-10245 days freshOpen →
AdequatePRO.EP-05Endpoint lifecycleProtectCIO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyEndpoint Protection Policy (PRO.EP-05)2025-12-12185 days freshOpen →
ProcedureEndpoint Protection Procedure (PRO.EP-05)2025-10-13125 days freshOpen →
AdequatePRO.IR-01Physical and environmental protection policyProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-01)2025-08-1465 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-01)2026-04-11305 days freshOpen →
AdequatePRO.IR-02Physical access to facilitiesProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-02)2026-03-12275 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-02)2026-02-10245 days freshOpen →
AdequatePRO.IR-03Environmental threatsProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-03)2025-12-12185 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-03)2025-10-13125 days freshOpen →
AdequatePRO.IR-04Equipment siting, maintenance, and supporting utilities are…ProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-04)2025-08-1465 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-04)2026-04-11305 days freshOpen →
AdequatePRO.IR-05Remote working and offsite use of Company assets are…ProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-05)2026-03-12275 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-05)2026-02-10245 days freshOpen →
AdequatePRO.IR-06Clear desk, clear screen, and storage media handling are…ProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-06)2025-12-12185 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-06)2025-10-13125 days freshOpen →
AdequatePRO.IR-07Infrastructure capacity and resource adequacy are monitoredProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-07)2025-08-1465 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-07)2026-04-11305 days freshOpen →
AdequatePRO.IR-08Resilience mechanismsProtectIdentity & Access Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIdentity Lifecycle Policy (PRO.IR-08)2026-03-12275 days freshOpen →
ProcedureIdentity Lifecycle Procedure (PRO.IR-08)2026-02-10245 days freshOpen →
AdequatePRO.VM-01Vulnerability management policyProtectCTO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyVulnerability Management Policy (PRO.VM-01)2025-12-12185 days freshOpen →
ProcedureVulnerability Management Procedure (PRO.VM-01)2025-10-13125 days freshOpen →
AdequatePRO.VM-02Vulnerability discoveryProtectCTO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyVulnerability Management Policy (PRO.VM-02)2025-08-1465 days freshOpen →
ProcedureVulnerability Management Procedure (PRO.VM-02)2026-04-11305 days freshOpen →
AdequatePRO.VM-03Vulnerabilities are prioritised based on severityProtectCTO2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyVulnerability Management Policy (PRO.VM-03)2026-03-12275 days freshOpen →
ProcedureVulnerability Management Procedure (PRO.VM-03)2026-02-10245 days freshOpen →
WeakPRO.VM-04Vulnerabilities are remediated through patchingProtectCTO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyVulnerability Management Policy (PRO.VM-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.VM-05Vulnerability exceptions are formally requestedProtectCTO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyVulnerability Management Policy (PRO.VM-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.VM-06Coordinated vulnerability disclosure and external…ProtectCTO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyVulnerability Management Policy (PRO.VM-06)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-01Training and awareness policyProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-02General information security training is provided to all…ProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-03Role-specific information security training is provided to…ProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-04Phishing and social engineering simulation programmes are…ProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-05Security champion networks are established across functions…ProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakPRO.TA-06Training effectiveness is measuredProtectCISO1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicySecurity Training Policy (PRO.TA-06)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongDET.GV-01Detection and monitoring policyDetectCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetect Governance Policy (DET.GV-01)2025-12-12185 days freshOpen →
ProcedureDetect Governance Procedure (DET.GV-01)2025-10-13125 days freshOpen →
AttestationFY26 Detect Governance Attestation2025-08-1465 days freshOpen →
TelemetryDetect Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.GV-02Detection capabilityDetectCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetect Governance Policy (DET.GV-02)2026-04-11305 days freshOpen →
ProcedureDetect Governance Procedure (DET.GV-02)2026-03-12275 days freshOpen →
AttestationFY26 Detect Governance Attestation2026-02-10245 days freshOpen →
TelemetryDetect Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.GV-03Detection coverage is mapped against MITRE ATT&CK…DetectCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetect Governance Policy (DET.GV-03)2025-12-12185 days freshOpen →
ProcedureDetect Governance Procedure (DET.GV-03)2025-10-13125 days freshOpen →
AttestationFY26 Detect Governance Attestation2025-08-1465 days freshOpen →
TelemetryDetect Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.GV-04Detection effectivenessDetectCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetect Governance Policy (DET.GV-04)2026-04-11305 days freshOpen →
ProcedureDetect Governance Procedure (DET.GV-04)2026-03-12275 days freshOpen →
AttestationFY26 Detect Governance Attestation2026-02-10245 days freshOpen →
TelemetryDetect Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.LM-01Logging policy, scope, and standards are documented…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyLog Management Policy (DET.LM-01)2025-12-12185 days freshOpen →
ProcedureLog Management Procedure (DET.LM-01)2025-10-13125 days freshOpen →
AttestationFY26 Log Management Attestation2025-08-1465 days freshOpen →
TelemetryLog Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.LM-02Logs are generated across in-scope assets covering…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyLog Management Policy (DET.LM-02)2026-04-11305 days freshOpen →
ProcedureLog Management Procedure (DET.LM-02)2026-03-12275 days freshOpen →
AttestationFY26 Log Management Attestation2026-02-10245 days freshOpen →
TelemetryLog Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.LM-03Logs are aggregated to a central platform with sufficient…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyLog Management Policy (DET.LM-03)2025-12-12185 days freshOpen →
ProcedureLog Management Procedure (DET.LM-03)2025-10-13125 days freshOpen →
AttestationFY26 Log Management Attestation2025-08-1465 days freshOpen →
TelemetryLog Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.LM-04Log integrity is protectedDetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyLog Management Policy (DET.LM-04)2026-04-11305 days freshOpen →
ProcedureLog Management Procedure (DET.LM-04)2026-03-12275 days freshOpen →
AttestationFY26 Log Management Attestation2026-02-10245 days freshOpen →
TelemetryLog Management Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.LM-05Sensitive data accessDetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyLog Management Policy (DET.LM-05)2025-12-12185 days freshOpen →
ProcedureLog Management Procedure (DET.LM-05)2025-10-13125 days freshOpen →
AttestationFY26 Log Management Attestation2025-08-1465 days freshOpen →
TelemetryLog Management Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.CM-01Monitoring scope, signal sources, and tooling are defined…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-01)2026-04-11305 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-01)2026-03-12275 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2026-02-10245 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.CM-02Endpoint and identity monitoring captures EDRDetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-02)2025-12-12185 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-02)2025-10-13125 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2025-08-1465 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.CM-03Network and cloud workload monitoring captures perimeterDetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-03)2026-04-11305 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-03)2026-03-12275 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2026-02-10245 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.CM-04Data, application, and messaging monitoring captures DLP…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-04)2025-12-12185 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-04)2025-10-13125 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2025-08-1465 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.CM-05Physical and environmental monitoring captures facility…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-05)2026-04-11305 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-05)2026-03-12275 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2026-02-10245 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.CM-06Insider threat and user behaviour analytics monitor for…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyContinuous Monitoring Policy (DET.CM-06)2025-12-12185 days freshOpen →
ProcedureContinuous Monitoring Procedure (DET.CM-06)2025-10-13125 days freshOpen →
AttestationFY26 Continuous Monitoring Attestation2025-08-1465 days freshOpen →
TelemetryContinuous Monitoring Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongDET.DE-01Detection content lifecycleDetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetection Engineering Policy (DET.DE-01)2026-04-11305 days freshOpen →
ProcedureDetection Engineering Procedure (DET.DE-01)2026-03-12275 days freshOpen →
AttestationFY26 Detection Engineering Attestation2026-02-10245 days freshOpen →
TelemetryDetection Engineering Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongDET.DE-02Detection content is informed by threat intelligence per…DetectSOC Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyDetection Engineering Policy (DET.DE-02)2025-12-12185 days freshOpen →
ProcedureDetection Engineering Procedure (DET.DE-02)2025-10-13125 days freshOpen →
AttestationFY26 Detection Engineering Attestation2025-08-1465 days freshOpen →
TelemetryDetection Engineering Monitoring Dashboard2026-06-0828 days to staleOpen →
AdequateDET.DE-03Detection content is version-controlledDetectSOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyDetection Engineering Policy (DET.DE-03)2026-04-11305 days freshOpen →
ProcedureDetection Engineering Procedure (DET.DE-03)2026-03-12275 days freshOpen →
AdequateDET.DE-04Detection content effectivenessDetectSOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyDetection Engineering Policy (DET.DE-04)2026-02-10245 days freshOpen →
ProcedureDetection Engineering Procedure (DET.DE-04)2025-12-12185 days freshOpen →
AdequateDET.EA-01Alert triage processesDetectSOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyEvent Analysis Policy (DET.EA-01)2025-10-13125 days freshOpen →
ProcedureEvent Analysis Procedure (DET.EA-01)2025-08-1465 days freshOpen →
AdequateDET.EA-02Alerts are correlated across signal sources to identify…DetectSOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyEvent Analysis Policy (DET.EA-02)2026-04-11305 days freshOpen →
ProcedureEvent Analysis Procedure (DET.EA-02)2026-03-12275 days freshOpen →
AdequateDET.EA-03Investigation procedures define evidence handlingDetectSOC Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyEvent Analysis Policy (DET.EA-03)2026-02-10245 days freshOpen →
ProcedureEvent Analysis Procedure (DET.EA-03)2025-12-12185 days freshOpen →
WeakDET.EA-04Confirmed incidents are escalated to incident response per…DetectSOC Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyEvent Analysis Policy (DET.EA-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakDET.TH-01Threat hunting programmeDetectSOC Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyThreat Hunting Policy (DET.TH-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakDET.TH-02Hunts are informed by threat intelligence per IDE.TMDetectSOC Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyThreat Hunting Policy (DET.TH-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakDET.TH-03Hunt outcomes — confirmed threats, new detection content…DetectSOC Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyThreat Hunting Policy (DET.TH-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongRES.GV-01Information Security incident response policyRespondCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRespond Governance Policy (RES.GV-01)2025-10-13125 days freshOpen →
ProcedureRespond Governance Procedure (RES.GV-01)2025-08-1465 days freshOpen →
AttestationFY26 Respond Governance Attestation2026-04-11305 days freshOpen →
TelemetryRespond Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.GV-02Incident response capabilityRespondCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRespond Governance Policy (RES.GV-02)2026-03-12275 days freshOpen →
ProcedureRespond Governance Procedure (RES.GV-02)2026-02-10245 days freshOpen →
AttestationFY26 Respond Governance Attestation2025-12-12185 days freshOpen →
TelemetryRespond Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.GV-03Stakeholder engagement frameworkRespondCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRespond Governance Policy (RES.GV-03)2025-10-13125 days freshOpen →
ProcedureRespond Governance Procedure (RES.GV-03)2025-08-1465 days freshOpen →
AttestationFY26 Respond Governance Attestation2026-04-11305 days freshOpen →
TelemetryRespond Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.PR-01Incident response plans and playbooksRespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyResponse Preparation Policy (RES.PR-01)2026-03-12275 days freshOpen →
ProcedureResponse Preparation Procedure (RES.PR-01)2026-02-10245 days freshOpen →
AttestationFY26 Response Preparation Attestation2025-12-12185 days freshOpen →
TelemetryResponse Preparation Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.PR-02Response tooling — forensic acquisition, investigation…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyResponse Preparation Policy (RES.PR-02)2025-10-13125 days freshOpen →
ProcedureResponse Preparation Procedure (RES.PR-02)2025-08-1465 days freshOpen →
AttestationFY26 Response Preparation Attestation2026-04-11305 days freshOpen →
TelemetryResponse Preparation Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.PR-03Personnel competence for response roles is established and…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyResponse Preparation Policy (RES.PR-03)2026-03-12275 days freshOpen →
ProcedureResponse Preparation Procedure (RES.PR-03)2026-02-10245 days freshOpen →
AttestationFY26 Response Preparation Attestation2025-12-12185 days freshOpen →
TelemetryResponse Preparation Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.PR-04Exercises — tabletop, technical, full simulation — are…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyResponse Preparation Policy (RES.PR-04)2025-10-13125 days freshOpen →
ProcedureResponse Preparation Procedure (RES.PR-04)2025-08-1465 days freshOpen →
AttestationFY26 Response Preparation Attestation2026-04-11305 days freshOpen →
TelemetryResponse Preparation Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.PR-05External relationshipsRespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyResponse Preparation Policy (RES.PR-05)2026-03-12275 days freshOpen →
ProcedureResponse Preparation Procedure (RES.PR-05)2026-02-10245 days freshOpen →
AttestationFY26 Response Preparation Attestation2025-12-12185 days freshOpen →
TelemetryResponse Preparation Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.IR-01Incidents are declaredRespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-01)2025-10-13125 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-01)2025-08-1465 days freshOpen →
AttestationFY26 Incident Response Attestation2026-04-11305 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.IR-02Incident leadership and cross-functional coordination are…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-02)2026-03-12275 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-02)2026-02-10245 days freshOpen →
AttestationFY26 Incident Response Attestation2025-12-12185 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.IR-03Containment actions are executed to limit incident impact…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-03)2025-10-13125 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-03)2025-08-1465 days freshOpen →
AttestationFY26 Incident Response Attestation2026-04-11305 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.IR-04Eradication actions remove the threat presence and restore…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-04)2026-03-12275 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-04)2026-02-10245 days freshOpen →
AttestationFY26 Incident Response Attestation2025-12-12185 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.IR-05Recovery coordination with REC ensures restoration of…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-05)2025-10-13125 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-05)2025-08-1465 days freshOpen →
AttestationFY26 Incident Response Attestation2026-04-11305 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.IR-06Specialty incident classesRespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Response Policy (RES.IR-06)2026-03-12275 days freshOpen →
ProcedureIncident Response Procedure (RES.IR-06)2026-02-10245 days freshOpen →
AttestationFY26 Incident Response Attestation2025-12-12185 days freshOpen →
TelemetryIncident Response Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.AN-01Forensic analysis and evidence handling are performed under…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Analysis Policy (RES.AN-01)2025-10-13125 days freshOpen →
ProcedureIncident Analysis Procedure (RES.AN-01)2025-08-1465 days freshOpen →
AttestationFY26 Incident Analysis Attestation2026-04-11305 days freshOpen →
TelemetryIncident Analysis Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongRES.AN-02Incident scope, impact, and affected assets are determined…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Analysis Policy (RES.AN-02)2026-03-12275 days freshOpen →
ProcedureIncident Analysis Procedure (RES.AN-02)2026-02-10245 days freshOpen →
AttestationFY26 Incident Analysis Attestation2025-12-12185 days freshOpen →
TelemetryIncident Analysis Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongRES.AN-03Root cause is identified and documented for material…RespondIncident Response Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyIncident Analysis Policy (RES.AN-03)2025-10-13125 days freshOpen →
ProcedureIncident Analysis Procedure (RES.AN-03)2025-08-1465 days freshOpen →
AttestationFY26 Incident Analysis Attestation2026-04-11305 days freshOpen →
TelemetryIncident Analysis Monitoring Dashboard2026-05-2615 days to staleOpen →
AdequateRES.AN-04Threat actor attribution is assessed where evidence…RespondIncident Response Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyIncident Analysis Policy (RES.AN-04)2026-03-12275 days freshOpen →
ProcedureIncident Analysis Procedure (RES.AN-04)2026-02-10245 days freshOpen →
AdequateRES.IC-01Internal communicationRespondIncident Response Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyCrisis Communications Policy (RES.IC-01)2025-12-12185 days freshOpen →
ProcedureCrisis Communications Procedure (RES.IC-01)2025-10-13125 days freshOpen →
AdequateRES.IC-02Regulatory notificationsRespondIncident Response Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyCrisis Communications Policy (RES.IC-02)2025-08-1465 days freshOpen →
ProcedureCrisis Communications Procedure (RES.IC-02)2026-04-11305 days freshOpen →
AdequateRES.IC-03Customer notification and engagement are conducted where…RespondIncident Response Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyCrisis Communications Policy (RES.IC-03)2026-03-12275 days freshOpen →
ProcedureCrisis Communications Procedure (RES.IC-03)2026-02-10245 days freshOpen →
AdequateRES.IC-04Supplier and third-party coordination is conducted where…RespondIncident Response Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyCrisis Communications Policy (RES.IC-04)2025-12-12185 days freshOpen →
ProcedureCrisis Communications Procedure (RES.IC-04)2025-10-13125 days freshOpen →
WeakRES.IC-05Public communicationRespondIncident Response Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyCrisis Communications Policy (RES.IC-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakRES.LL-01Post-incident reviews are conducted for material incidents…RespondIncident Response Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyLessons Learned Policy (RES.LL-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakRES.LL-02Programme-level effectivenessRespondIncident Response Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyLessons Learned Policy (RES.LL-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakRES.LL-03Improvement actions are tracked to closure and feed…RespondIncident Response Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyLessons Learned Policy (RES.LL-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongREC.GV-01Recovery policy, procedures, and roles are documented…RecoverCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecover Governance Policy (REC.GV-01)2025-08-1465 days freshOpen →
ProcedureRecover Governance Procedure (REC.GV-01)2026-04-11305 days freshOpen →
AttestationFY26 Recover Governance Attestation2026-03-12275 days freshOpen →
TelemetryRecover Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.GV-02Recovery capabilityRecoverCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecover Governance Policy (REC.GV-02)2026-02-10245 days freshOpen →
ProcedureRecover Governance Procedure (REC.GV-02)2025-12-12185 days freshOpen →
AttestationFY26 Recover Governance Attestation2025-10-13125 days freshOpen →
TelemetryRecover Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.GV-03Stakeholder engagement frameworkRecoverCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecover Governance Policy (REC.GV-03)2025-08-1465 days freshOpen →
ProcedureRecover Governance Procedure (REC.GV-03)2026-04-11305 days freshOpen →
AttestationFY26 Recover Governance Attestation2026-03-12275 days freshOpen →
TelemetryRecover Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RP-01Recovery strategies and plansRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Plans Policy (REC.RP-01)2026-02-10245 days freshOpen →
ProcedureRecovery Plans Procedure (REC.RP-01)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Plans Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Plans Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RP-02Recovery tooling and infrastructureRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Plans Policy (REC.RP-02)2025-08-1465 days freshOpen →
ProcedureRecovery Plans Procedure (REC.RP-02)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Plans Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Plans Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RP-03Personnel competence for recovery roles is established and…RecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Plans Policy (REC.RP-03)2026-02-10245 days freshOpen →
ProcedureRecovery Plans Procedure (REC.RP-03)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Plans Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Plans Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RP-04Recovery exercisesRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Plans Policy (REC.RP-04)2025-08-1465 days freshOpen →
ProcedureRecovery Plans Procedure (REC.RP-04)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Plans Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Plans Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RP-05External relationshipsRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Plans Policy (REC.RP-05)2026-02-10245 days freshOpen →
ProcedureRecovery Plans Procedure (REC.RP-05)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Plans Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Plans Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RO-01Recovery is initiated under defined criteria with…RecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Operations Policy (REC.RO-01)2025-08-1465 days freshOpen →
ProcedureRecovery Operations Procedure (REC.RO-01)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Operations Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Operations Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RO-02Recovery leadership and cross-functional coordination are…RecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Operations Policy (REC.RO-02)2026-02-10245 days freshOpen →
ProcedureRecovery Operations Procedure (REC.RO-02)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Operations Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Operations Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RO-03System, data, and service restoration are executed under…RecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Operations Policy (REC.RO-03)2025-08-1465 days freshOpen →
ProcedureRecovery Operations Procedure (REC.RO-03)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Operations Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Operations Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RO-04Specialty recovery scenariosRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Operations Policy (REC.RO-04)2026-02-10245 days freshOpen →
ProcedureRecovery Operations Procedure (REC.RO-04)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Operations Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Operations Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RV-01Pre-recovery validationRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Validation Policy (REC.RV-01)2025-08-1465 days freshOpen →
ProcedureRecovery Validation Procedure (REC.RV-01)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Validation Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Validation Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongREC.RV-02Post-restoration integrity verificationRecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Validation Policy (REC.RV-02)2026-02-10245 days freshOpen →
ProcedureRecovery Validation Procedure (REC.RV-02)2025-12-12185 days freshOpen →
AttestationFY26 Recovery Validation Attestation2025-10-13125 days freshOpen →
TelemetryRecovery Validation Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongREC.RV-03Heightened post-recovery monitoring is maintained for a…RecoverBusiness Continuity Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyRecovery Validation Policy (REC.RV-03)2025-08-1465 days freshOpen →
ProcedureRecovery Validation Procedure (REC.RV-03)2026-04-11305 days freshOpen →
AttestationFY26 Recovery Validation Attestation2026-03-12275 days freshOpen →
TelemetryRecovery Validation Monitoring Dashboard2026-06-0828 days to staleOpen →
AdequateREC.RC-01Internal communicationRecoverBusiness Continuity Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRecovery Comms Policy (REC.RC-01)2026-02-10245 days freshOpen →
ProcedureRecovery Comms Procedure (REC.RC-01)2025-12-12185 days freshOpen →
AdequateREC.RC-02Regulatory communications during recoveryRecoverBusiness Continuity Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRecovery Comms Policy (REC.RC-02)2025-10-13125 days freshOpen →
ProcedureRecovery Comms Procedure (REC.RC-02)2025-08-1465 days freshOpen →
AdequateREC.RC-03Customer communication and service-restoration updates are…RecoverBusiness Continuity Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRecovery Comms Policy (REC.RC-03)2026-04-11305 days freshOpen →
ProcedureRecovery Comms Procedure (REC.RC-03)2026-03-12275 days freshOpen →
AdequateREC.RC-04Supplier and third-party coordination during recovery is…RecoverBusiness Continuity Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRecovery Comms Policy (REC.RC-04)2026-02-10245 days freshOpen →
ProcedureRecovery Comms Procedure (REC.RC-04)2025-12-12185 days freshOpen →
AdequateREC.RC-05Public communication and external messaging during recovery…RecoverBusiness Continuity Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyRecovery Comms Policy (REC.RC-05)2025-10-13125 days freshOpen →
ProcedureRecovery Comms Procedure (REC.RC-05)2025-08-1465 days freshOpen →
WeakREC.LL-01Post-recovery reviews are conducted for material recoveries…RecoverBusiness Continuity Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyRecovery Lessons Policy (REC.LL-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakREC.LL-02Programme-level effectivenessRecoverBusiness Continuity Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyRecovery Lessons Policy (REC.LL-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakREC.LL-03Improvement actions are tracked to closure and feed…RecoverBusiness Continuity Manager1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyRecovery Lessons Policy (REC.LL-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongAPS.GV-01AppSec policies are documentedAppSecCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Governance Policy (APS.GV-01)2026-04-11305 days freshOpen →
ProcedureAppSec Governance Procedure (APS.GV-01)2026-03-12275 days freshOpen →
AttestationFY26 AppSec Governance Attestation2026-02-10245 days freshOpen →
TelemetryAppSec Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.GV-02AppSec procedures are documentedAppSecCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Governance Policy (APS.GV-02)2025-12-12185 days freshOpen →
ProcedureAppSec Governance Procedure (APS.GV-02)2025-10-13125 days freshOpen →
AttestationFY26 AppSec Governance Attestation2025-08-1465 days freshOpen →
TelemetryAppSec Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.GV-03Secure Software Development Lifecycle (SDLC) standards are…AppSecCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Governance Policy (APS.GV-03)2026-04-11305 days freshOpen →
ProcedureAppSec Governance Procedure (APS.GV-03)2026-03-12275 days freshOpen →
AttestationFY26 AppSec Governance Attestation2026-02-10245 days freshOpen →
TelemetryAppSec Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.GV-04AppSec compliance with policiesAppSecCISO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Governance Policy (APS.GV-04)2025-12-12185 days freshOpen →
ProcedureAppSec Governance Procedure (APS.GV-04)2025-10-13125 days freshOpen →
AttestationFY26 AppSec Governance Attestation2025-08-1465 days freshOpen →
TelemetryAppSec Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.AM-01Applications are inventoried and classifiedAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Asset Mgmt Policy (APS.AM-01)2026-04-11305 days freshOpen →
ProcedureAppSec Asset Mgmt Procedure (APS.AM-01)2026-03-12275 days freshOpen →
AttestationFY26 AppSec Asset Mgmt Attestation2026-02-10245 days freshOpen →
TelemetryAppSec Asset Mgmt Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.AM-02Source code repositories are inventoriedAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Asset Mgmt Policy (APS.AM-02)2025-12-12185 days freshOpen →
ProcedureAppSec Asset Mgmt Procedure (APS.AM-02)2025-10-13125 days freshOpen →
AttestationFY26 AppSec Asset Mgmt Attestation2025-08-1465 days freshOpen →
TelemetryAppSec Asset Mgmt Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.AM-03Secrets are inventoriedAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Asset Mgmt Policy (APS.AM-03)2026-04-11305 days freshOpen →
ProcedureAppSec Asset Mgmt Procedure (APS.AM-03)2026-03-12275 days freshOpen →
AttestationFY26 AppSec Asset Mgmt Attestation2026-02-10245 days freshOpen →
TelemetryAppSec Asset Mgmt Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.AM-04Application data flows and integrations are documentedAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAppSec Asset Mgmt Policy (APS.AM-04)2025-12-12185 days freshOpen →
ProcedureAppSec Asset Mgmt Procedure (APS.AM-04)2025-10-13125 days freshOpen →
AttestationFY26 AppSec Asset Mgmt Attestation2025-08-1465 days freshOpen →
TelemetryAppSec Asset Mgmt Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.DS-01Security requirements are defined for applications based on…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Data Security Policy (APS.DS-01)2026-04-11305 days freshOpen →
ProcedureApp Data Security Procedure (APS.DS-01)2026-03-12275 days freshOpen →
AttestationFY26 App Data Security Attestation2026-02-10245 days freshOpen →
TelemetryApp Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.DS-02Threat modeling is performed iteratively for applications…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Data Security Policy (APS.DS-02)2025-12-12185 days freshOpen →
ProcedureApp Data Security Procedure (APS.DS-02)2025-10-13125 days freshOpen →
AttestationFY26 App Data Security Attestation2025-08-1465 days freshOpen →
TelemetryApp Data Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.DS-03Security architecture reviews are performed for new…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Data Security Policy (APS.DS-03)2026-04-11305 days freshOpen →
ProcedureApp Data Security Procedure (APS.DS-03)2026-03-12275 days freshOpen →
AttestationFY26 App Data Security Attestation2026-02-10245 days freshOpen →
TelemetryApp Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.DS-04Privacy by design and Data Protection Impact Assessments…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Data Security Policy (APS.DS-04)2025-12-12185 days freshOpen →
ProcedureApp Data Security Procedure (APS.DS-04)2025-10-13125 days freshOpen →
AttestationFY26 App Data Security Attestation2025-08-1465 days freshOpen →
TelemetryApp Data Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.DS-05Secure design patterns and reusable security components are…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Data Security Policy (APS.DS-05)2026-04-11305 days freshOpen →
ProcedureApp Data Security Procedure (APS.DS-05)2026-03-12275 days freshOpen →
AttestationFY26 App Data Security Attestation2026-02-10245 days freshOpen →
TelemetryApp Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-01Access control is applied to development assetsAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-01)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-01)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-02Cryptography is applied to protect data within applications…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-02)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-02)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-03Input is validated and exceptions are handled securely…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-03)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-03)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-04Security is addressed from the start of development (OWASP…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-04)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-04)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-05)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-05)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-06)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-06)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-07)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-07)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-08Browser security features are leveraged (OWASP C8) OWASP…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-08)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-08)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-09Security logging and monitoring are implemented (OWASP C9)…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-09)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-09)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…AppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-10)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-10)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SD-11Secrets are sourced from secure secrets managementAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-11)2025-12-12185 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-11)2025-10-13125 days freshOpen →
AttestationFY26 Secure Development Attestation2025-08-1465 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SD-12Secure coding standards are documented and appliedAppSecAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicySecure Development Policy (APS.SD-12)2026-04-11305 days freshOpen →
ProcedureSecure Development Procedure (APS.SD-12)2026-03-12275 days freshOpen →
AttestationFY26 Secure Development Attestation2026-02-10245 days freshOpen →
TelemetrySecure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAPS.SC-01Third-party components and dependencies are inventoried and…AppSecVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Supply Chain Policy (APS.SC-01)2025-12-12185 days freshOpen →
ProcedureApp Supply Chain Procedure (APS.SC-01)2025-10-13125 days freshOpen →
AttestationFY26 App Supply Chain Attestation2025-08-1465 days freshOpen →
TelemetryApp Supply Chain Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAPS.SC-02Third-party component selection follows defined security…AppSecVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyApp Supply Chain Policy (APS.SC-02)2026-04-11305 days freshOpen →
ProcedureApp Supply Chain Procedure (APS.SC-02)2026-03-12275 days freshOpen →
AttestationFY26 App Supply Chain Attestation2026-02-10245 days freshOpen →
TelemetryApp Supply Chain Monitoring Dashboard2026-05-2615 days to staleOpen →
AdequateAPS.SC-03Build pipeline and deployment infrastructure integrity and…AppSecVendor Risk Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Supply Chain Policy (APS.SC-03)2025-12-12185 days freshOpen →
ProcedureApp Supply Chain Procedure (APS.SC-03)2025-10-13125 days freshOpen →
AdequateAPS.SC-04Container images and registries are managed for security…AppSecVendor Risk Manager2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Supply Chain Policy (APS.SC-04)2025-08-1465 days freshOpen →
ProcedureApp Supply Chain Procedure (APS.SC-04)2026-04-11305 days freshOpen →
AdequateAPS.VM-01Application code testing is performedAppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-01)2026-03-12275 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-01)2026-02-10245 days freshOpen →
AdequateAPS.VM-02Application runtime testing is performedAppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-02)2025-12-12185 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-02)2025-10-13125 days freshOpen →
AdequateAPS.VM-03Infrastructure-as-Code (IaC) security scanning is performedAppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-03)2025-08-1465 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-03)2026-04-11305 days freshOpen →
AdequateAPS.VM-04Penetration testing is performed for in-scope applicationsAppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-04)2026-03-12275 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-04)2026-02-10245 days freshOpen →
AdequateAPS.VM-05Application vulnerabilities are trackedAppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-05)2025-12-12185 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-05)2025-10-13125 days freshOpen →
AdequateAPS.VM-06Bug bounty or coordinated vulnerability disclosure is…AppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyApp Vuln Management Policy (APS.VM-06)2025-08-1465 days freshOpen →
ProcedureApp Vuln Management Procedure (APS.VM-06)2026-04-11305 days freshOpen →
AdequateAPS.OP-01Application release and deployment processes apply secure…AppSecAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAppSec Operations Policy (APS.OP-01)2026-03-12275 days freshOpen →
ProcedureAppSec Operations Procedure (APS.OP-01)2026-02-10245 days freshOpen →
WeakAPS.OP-02Runtime application protection is applied where appropriateAppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Operations Policy (APS.OP-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAPS.OP-03AppSec incident response procedures are documented and…AppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Operations Policy (APS.OP-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAPS.OP-04Application BCP / DR procedures are documented and…AppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Operations Policy (APS.OP-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAPS.OP-05Application decommissioning and end-of-life procedures…AppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Operations Policy (APS.OP-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAPS.TA-01AppSec training is provided to developmentAppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Training Policy (APS.TA-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAPS.TA-02A Security Champion programme is operated to designateAppSecAppSec Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAppSec Training Policy (APS.TA-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongAIT.GV-01Third-Party AI policies are documentedAI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Governance Policy (AIT.GV-01)2025-12-12185 days freshOpen →
ProcedureThird-Party AI Governance Procedure (AIT.GV-01)2025-10-13125 days freshOpen →
AttestationFY26 Third-Party AI Governance Attestation2025-08-1465 days freshOpen →
TelemetryThird-Party AI Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.GV-02Third-Party AI procedures are documentedAI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Governance Policy (AIT.GV-02)2026-04-11305 days freshOpen →
ProcedureThird-Party AI Governance Procedure (AIT.GV-02)2026-03-12275 days freshOpen →
AttestationFY26 Third-Party AI Governance Attestation2026-02-10245 days freshOpen →
TelemetryThird-Party AI Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.GV-03Vendor responsibility frameworkAI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Governance Policy (AIT.GV-03)2025-12-12185 days freshOpen →
ProcedureThird-Party AI Governance Procedure (AIT.GV-03)2025-10-13125 days freshOpen →
AttestationFY26 Third-Party AI Governance Attestation2025-08-1465 days freshOpen →
TelemetryThird-Party AI Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.GV-04Third-Party AI compliance with policiesAI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Governance Policy (AIT.GV-04)2026-04-11305 days freshOpen →
ProcedureThird-Party AI Governance Procedure (AIT.GV-04)2026-03-12275 days freshOpen →
AttestationFY26 Third-Party AI Governance Attestation2026-02-10245 days freshOpen →
TelemetryThird-Party AI Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.VR-01Third-party AI vendors are evaluated against the Vendor…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Review Policy (AIT.VR-01)2025-12-12185 days freshOpen →
ProcedureAI Vendor Review Procedure (AIT.VR-01)2025-10-13125 days freshOpen →
AttestationFY26 AI Vendor Review Attestation2025-08-1465 days freshOpen →
TelemetryAI Vendor Review Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.VR-02Information security requirements are included in…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Review Policy (AIT.VR-02)2026-04-11305 days freshOpen →
ProcedureAI Vendor Review Procedure (AIT.VR-02)2026-03-12275 days freshOpen →
AttestationFY26 AI Vendor Review Attestation2026-02-10245 days freshOpen →
TelemetryAI Vendor Review Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.VR-03Vendor sub-processors and AI supply chain are identified…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Review Policy (AIT.VR-03)2025-12-12185 days freshOpen →
ProcedureAI Vendor Review Procedure (AIT.VR-03)2025-10-13125 days freshOpen →
AttestationFY26 AI Vendor Review Attestation2025-08-1465 days freshOpen →
TelemetryAI Vendor Review Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.VR-04Vendor security and ethical posture is reassessed at…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Review Policy (AIT.VR-04)2026-04-11305 days freshOpen →
ProcedureAI Vendor Review Procedure (AIT.VR-04)2026-03-12275 days freshOpen →
AttestationFY26 AI Vendor Review Attestation2026-02-10245 days freshOpen →
TelemetryAI Vendor Review Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.AM-01Third-party AI tools and services are inventoriedAI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Inventory Policy (AIT.AM-01)2025-12-12185 days freshOpen →
ProcedureAI Vendor Inventory Procedure (AIT.AM-01)2025-10-13125 days freshOpen →
AttestationFY26 AI Vendor Inventory Attestation2025-08-1465 days freshOpen →
TelemetryAI Vendor Inventory Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.AM-02Third-party AI assets are classified and tagged with AI…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Inventory Policy (AIT.AM-02)2026-04-11305 days freshOpen →
ProcedureAI Vendor Inventory Procedure (AIT.AM-02)2026-03-12275 days freshOpen →
AttestationFY26 AI Vendor Inventory Attestation2026-02-10245 days freshOpen →
TelemetryAI Vendor Inventory Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Inventory Policy (AIT.AM-03)2025-12-12185 days freshOpen →
ProcedureAI Vendor Inventory Procedure (AIT.AM-03)2025-10-13125 days freshOpen →
AttestationFY26 AI Vendor Inventory Attestation2025-08-1465 days freshOpen →
TelemetryAI Vendor Inventory Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…AI Third PartyVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vendor Inventory Policy (AIT.AM-04)2026-04-11305 days freshOpen →
ProcedureAI Vendor Inventory Procedure (AIT.AM-04)2026-03-12275 days freshOpen →
AttestationFY26 AI Vendor Inventory Attestation2026-02-10245 days freshOpen →
TelemetryAI Vendor Inventory Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.AG-01Agentic AI tool authorisation scope is documented and…AI Third PartyAI Risk Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Agents Policy (AIT.AG-01)2025-12-12185 days freshOpen →
ProcedureThird-Party AI Agents Procedure (AIT.AG-01)2025-10-13125 days freshOpen →
AttestationFY26 Third-Party AI Agents Attestation2025-08-1465 days freshOpen →
TelemetryThird-Party AI Agents Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.AG-02Human-in-the-loop authorisation is applied to sensitive…AI Third PartyAI Risk Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Agents Policy (AIT.AG-02)2026-04-11305 days freshOpen →
ProcedureThird-Party AI Agents Procedure (AIT.AG-02)2026-03-12275 days freshOpen →
AttestationFY26 Third-Party AI Agents Attestation2026-02-10245 days freshOpen →
TelemetryThird-Party AI Agents Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.AG-03Agentic AI activity is logged at action granularityAI Third PartyAI Risk Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Agents Policy (AIT.AG-03)2025-12-12185 days freshOpen →
ProcedureThird-Party AI Agents Procedure (AIT.AG-03)2025-10-13125 days freshOpen →
AttestationFY26 Third-Party AI Agents Attestation2025-08-1465 days freshOpen →
TelemetryThird-Party AI Agents Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.AG-04Agentic AI prompt injectionAI Third PartyAI Risk Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Agents Policy (AIT.AG-04)2026-04-11305 days freshOpen →
ProcedureThird-Party AI Agents Procedure (AIT.AG-04)2026-03-12275 days freshOpen →
AttestationFY26 Third-Party AI Agents Attestation2026-02-10245 days freshOpen →
TelemetryThird-Party AI Agents Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.AG-05Agentic AI vendor selection follows elevated criteriaAI Third PartyAI Risk Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyThird-Party AI Agents Policy (AIT.AG-05)2025-12-12185 days freshOpen →
ProcedureThird-Party AI Agents Procedure (AIT.AG-05)2025-10-13125 days freshOpen →
AttestationFY26 Third-Party AI Agents Attestation2025-08-1465 days freshOpen →
TelemetryThird-Party AI Agents Monitoring Dashboard2026-06-0828 days to staleOpen →
WeakAIT.AG-06Emergency suspension and revocation capability for…AI Third PartyAI Risk Lead2 items
1 of 6 typesMissing: Policy, Attestation, Telemetry, External Audit, Other
Procedure(Placeholder) Emergency Suspension Procedure for Third-Party AI Agents — AIT.AG-062026-06-14369 days fresh
Placeholder — replace with the runbook / SOP for suspending and revoking third-party AI agents in an incident.
Procedure(Placeholder) Emergency Suspension Procedure for Third-Party AI Agents — AIT.AG-062026-06-14369 days fresh
Placeholder — replace with the runbook for suspending third-party AI agents.
StrongAIT.US-01Approved third-party AI toolsAI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Acceptable Use Policy (AIT.US-01)2026-04-11305 days freshOpen →
ProcedureAI Acceptable Use Procedure (AIT.US-01)2026-03-12275 days freshOpen →
AttestationFY26 AI Acceptable Use Attestation2026-02-10245 days freshOpen →
TelemetryAI Acceptable Use Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAIT.US-02Data exposure to third-party AI tools is governed per AI…AI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Acceptable Use Policy (AIT.US-02)2025-12-12185 days freshOpen →
ProcedureAI Acceptable Use Procedure (AIT.US-02)2025-10-13125 days freshOpen →
AttestationFY26 AI Acceptable Use Attestation2025-08-1465 days freshOpen →
TelemetryAI Acceptable Use Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAIT.US-03AI tool output handling and verification requirements are…AI Third PartyChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Acceptable Use Policy (AIT.US-03)2026-04-11305 days freshOpen →
ProcedureAI Acceptable Use Procedure (AIT.US-03)2026-03-12275 days freshOpen →
AttestationFY26 AI Acceptable Use Attestation2026-02-10245 days freshOpen →
TelemetryAI Acceptable Use Monitoring Dashboard2026-05-2615 days to staleOpen →
AdequateAIT.US-04Personal and company account separation is enforced for…AI Third PartyChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Acceptable Use Policy (AIT.US-04)2025-12-12185 days freshOpen →
ProcedureAI Acceptable Use Procedure (AIT.US-04)2025-10-13125 days freshOpen →
AdequateAIT.MO-01Third-party AI usage telemetry is collected and analysedAI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Monitoring Policy (AIT.MO-01)2025-08-1465 days freshOpen →
ProcedureAI Vendor Monitoring Procedure (AIT.MO-01)2026-04-11305 days freshOpen →
AdequateAIT.MO-02Third-party AI provider security postureAI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Monitoring Policy (AIT.MO-02)2026-03-12275 days freshOpen →
ProcedureAI Vendor Monitoring Procedure (AIT.MO-02)2026-02-10245 days freshOpen →
AdequateAIT.MO-03Vendor business, ethical, and regulatory changes are…AI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Monitoring Policy (AIT.MO-03)2025-12-12185 days freshOpen →
ProcedureAI Vendor Monitoring Procedure (AIT.MO-03)2025-10-13125 days freshOpen →
AdequateAIT.MO-04Anomalous usage patterns and abuse indicators are detectedAI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Monitoring Policy (AIT.MO-04)2025-08-1465 days freshOpen →
ProcedureAI Vendor Monitoring Procedure (AIT.MO-04)2026-04-11305 days freshOpen →
AdequateAIT.IR-01Third-party AI-specific incident response playbooks are…AI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Incident Response Policy (AIT.IR-01)2026-03-12275 days freshOpen →
ProcedureAI Vendor Incident Response Procedure (AIT.IR-01)2026-02-10245 days freshOpen →
AdequateAIT.IR-02Third-party AI incidents are escalated and managed per the…AI Third PartyAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vendor Incident Response Policy (AIT.IR-02)2025-12-12185 days freshOpen →
ProcedureAI Vendor Incident Response Procedure (AIT.IR-02)2025-10-13125 days freshOpen →
WeakAIT.IR-03Vendor-initiated breach and security notifications are…AI Third PartyAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Vendor Incident Response Policy (AIT.IR-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAIT.RT-01Third-party AI tool retirement is performed when approval…AI Third PartyAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Vendor Risk Treatment Policy (AIT.RT-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAIT.RT-02Data return, deletion, and account closure are verified at…AI Third PartyAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Vendor Risk Treatment Policy (AIT.RT-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…AI Third PartyAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Vendor Risk Treatment Policy (AIT.RT-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
StrongAII.GV-01AI security policies are documentedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Governance Policy (AII.GV-01)2025-08-1465 days freshOpen →
ProcedureInternal AI Governance Procedure (AII.GV-01)2026-04-11305 days freshOpen →
AttestationFY26 Internal AI Governance Attestation2026-03-12275 days freshOpen →
TelemetryInternal AI Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.GV-02AI security procedures are documentedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Governance Policy (AII.GV-02)2026-02-10245 days freshOpen →
ProcedureInternal AI Governance Procedure (AII.GV-02)2025-12-12185 days freshOpen →
AttestationFY26 Internal AI Governance Attestation2025-10-13125 days freshOpen →
TelemetryInternal AI Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…AI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Governance Policy (AII.GV-03)2025-08-1465 days freshOpen →
ProcedureInternal AI Governance Procedure (AII.GV-03)2026-04-11305 days freshOpen →
AttestationFY26 Internal AI Governance Attestation2026-03-12275 days freshOpen →
TelemetryInternal AI Governance Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.GV-04AI security compliance with policiesAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Governance Policy (AII.GV-04)2026-02-10245 days freshOpen →
ProcedureInternal AI Governance Procedure (AII.GV-04)2025-12-12185 days freshOpen →
AttestationFY26 Internal AI Governance Attestation2025-10-13125 days freshOpen →
TelemetryInternal AI Governance Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.AM-01In-house AI systems are inventoried and classifiedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Asset Mgmt Policy (AII.AM-01)2025-08-1465 days freshOpen →
ProcedureInternal AI Asset Mgmt Procedure (AII.AM-01)2026-04-11305 days freshOpen →
AttestationFY26 Internal AI Asset Mgmt Attestation2026-03-12275 days freshOpen →
TelemetryInternal AI Asset Mgmt Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.AM-02AI models and model artifacts are inventoriedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Asset Mgmt Policy (AII.AM-02)2026-02-10245 days freshOpen →
ProcedureInternal AI Asset Mgmt Procedure (AII.AM-02)2025-12-12185 days freshOpen →
AttestationFY26 Internal AI Asset Mgmt Attestation2025-10-13125 days freshOpen →
TelemetryInternal AI Asset Mgmt Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.AM-03Training datasets and AI data assets are inventoriedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Asset Mgmt Policy (AII.AM-03)2025-08-1465 days freshOpen →
ProcedureInternal AI Asset Mgmt Procedure (AII.AM-03)2026-04-11305 days freshOpen →
AttestationFY26 Internal AI Asset Mgmt Attestation2026-03-12275 days freshOpen →
TelemetryInternal AI Asset Mgmt Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.AM-04System prompts and AI instructions are inventoriedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Asset Mgmt Policy (AII.AM-04)2026-02-10245 days freshOpen →
ProcedureInternal AI Asset Mgmt Procedure (AII.AM-04)2025-12-12185 days freshOpen →
AttestationFY26 Internal AI Asset Mgmt Attestation2025-10-13125 days freshOpen →
TelemetryInternal AI Asset Mgmt Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.AM-05AI data flows and integrations are documentedAI Internally DevelopedChief AI Officer4 items
4 of 6 typesMissing: External Audit, Other
PolicyInternal AI Asset Mgmt Policy (AII.AM-05)2025-08-1465 days freshOpen →
ProcedureInternal AI Asset Mgmt Procedure (AII.AM-05)2026-04-11305 days freshOpen →
AttestationFY26 Internal AI Asset Mgmt Attestation2026-03-12275 days freshOpen →
TelemetryInternal AI Asset Mgmt Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.DS-01AI security requirements are defined based on AI risk and…AI Internally DevelopedDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Data Security Policy (AII.DS-01)2026-02-10245 days freshOpen →
ProcedureAI Data Security Procedure (AII.DS-01)2025-12-12185 days freshOpen →
AttestationFY26 AI Data Security Attestation2025-10-13125 days freshOpen →
TelemetryAI Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.DS-02AI threat modeling is performed iteratively for AI systems…AI Internally DevelopedDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Data Security Policy (AII.DS-02)2025-08-1465 days freshOpen →
ProcedureAI Data Security Procedure (AII.DS-02)2026-04-11305 days freshOpen →
AttestationFY26 AI Data Security Attestation2026-03-12275 days freshOpen →
TelemetryAI Data Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.DS-03Security architecture reviews are performed for new AI…AI Internally DevelopedDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Data Security Policy (AII.DS-03)2026-02-10245 days freshOpen →
ProcedureAI Data Security Procedure (AII.DS-03)2025-12-12185 days freshOpen →
AttestationFY26 AI Data Security Attestation2025-10-13125 days freshOpen →
TelemetryAI Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.DS-04Privacy by Design and Data Protection Impact Assessments…AI Internally DevelopedDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Data Security Policy (AII.DS-04)2025-08-1465 days freshOpen →
ProcedureAI Data Security Procedure (AII.DS-04)2026-04-11305 days freshOpen →
AttestationFY26 AI Data Security Attestation2026-03-12275 days freshOpen →
TelemetryAI Data Security Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.DS-05Secure AI design patterns and reusable security components…AI Internally DevelopedDPO4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Data Security Policy (AII.DS-05)2026-02-10245 days freshOpen →
ProcedureAI Data Security Procedure (AII.DS-05)2025-12-12185 days freshOpen →
AttestationFY26 AI Data Security Attestation2025-10-13125 days freshOpen →
TelemetryAI Data Security Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SD-01Training data security and integrity controls are appliedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-01)2025-08-1465 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-01)2026-04-11305 days freshOpen →
AttestationFY26 AI Secure Development Attestation2026-03-12275 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SD-02Model training and fine-tuning security controls are…AI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-02)2026-02-10245 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-02)2025-12-12185 days freshOpen →
AttestationFY26 AI Secure Development Attestation2025-10-13125 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SD-03System prompts and AI instructions are developed and…AI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-03)2025-08-1465 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-03)2026-04-11305 days freshOpen →
AttestationFY26 AI Secure Development Attestation2026-03-12275 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SD-04Inference input validation and output handling are appliedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-04)2026-02-10245 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-04)2025-12-12185 days freshOpen →
AttestationFY26 AI Secure Development Attestation2025-10-13125 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SD-05Model artifact integrity and safe loading controls are…AI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-05)2025-08-1465 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-05)2026-04-11305 days freshOpen →
AttestationFY26 AI Secure Development Attestation2026-03-12275 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SD-06ML pipeline security controls are appliedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-06)2026-02-10245 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-06)2025-12-12185 days freshOpen →
AttestationFY26 AI Secure Development Attestation2025-10-13125 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SD-07Adversarial robustness defences are implemented where…AI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-07)2025-08-1465 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-07)2026-04-11305 days freshOpen →
AttestationFY26 AI Secure Development Attestation2026-03-12275 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SD-08AI-specific secrets and credentials are managedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-08)2026-02-10245 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-08)2025-12-12185 days freshOpen →
AttestationFY26 AI Secure Development Attestation2025-10-13125 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SD-09Secure AI coding standards and code review are appliedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Secure Development Policy (AII.SD-09)2025-08-1465 days freshOpen →
ProcedureAI Secure Development Procedure (AII.SD-09)2026-04-11305 days freshOpen →
AttestationFY26 AI Secure Development Attestation2026-03-12275 days freshOpen →
TelemetryAI Secure Development Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SC-01AI components, models, and dependencies are inventoried and…AI Internally DevelopedVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Component Supply Chain Policy (AII.SC-01)2026-02-10245 days freshOpen →
ProcedureAI Component Supply Chain Procedure (AII.SC-01)2025-12-12185 days freshOpen →
AttestationFY26 AI Component Supply Chain Attestation2025-10-13125 days freshOpen →
TelemetryAI Component Supply Chain Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SC-02Base model and pre-trained model selection follows defined…AI Internally DevelopedVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Component Supply Chain Policy (AII.SC-02)2025-08-1465 days freshOpen →
ProcedureAI Component Supply Chain Procedure (AII.SC-02)2026-04-11305 days freshOpen →
AttestationFY26 AI Component Supply Chain Attestation2026-03-12275 days freshOpen →
TelemetryAI Component Supply Chain Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.SC-03Training dataset provenance and licensing are verified…AI Internally DevelopedVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Component Supply Chain Policy (AII.SC-03)2026-02-10245 days freshOpen →
ProcedureAI Component Supply Chain Procedure (AII.SC-03)2025-12-12185 days freshOpen →
AttestationFY26 AI Component Supply Chain Attestation2025-10-13125 days freshOpen →
TelemetryAI Component Supply Chain Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.SC-04AI build pipeline and ML infrastructure integrity are…AI Internally DevelopedVendor Risk Manager4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Component Supply Chain Policy (AII.SC-04)2025-08-1465 days freshOpen →
ProcedureAI Component Supply Chain Procedure (AII.SC-04)2026-04-11305 days freshOpen →
AttestationFY26 AI Component Supply Chain Attestation2026-03-12275 days freshOpen →
TelemetryAI Component Supply Chain Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.VM-01AI code and component testing is performedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vuln Tracking Policy (AII.VM-01)2026-02-10245 days freshOpen →
ProcedureAI Vuln Tracking Procedure (AII.VM-01)2025-12-12185 days freshOpen →
AttestationFY26 AI Vuln Tracking Attestation2025-10-13125 days freshOpen →
TelemetryAI Vuln Tracking Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.VM-02AI runtime testing is performedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vuln Tracking Policy (AII.VM-02)2025-08-1465 days freshOpen →
ProcedureAI Vuln Tracking Procedure (AII.VM-02)2026-04-11305 days freshOpen →
AttestationFY26 AI Vuln Tracking Attestation2026-03-12275 days freshOpen →
TelemetryAI Vuln Tracking Monitoring Dashboard2026-06-0828 days to staleOpen →
StrongAII.VM-03AI red teaming is performed for in-scope AI systemsAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vuln Tracking Policy (AII.VM-03)2026-02-10245 days freshOpen →
ProcedureAI Vuln Tracking Procedure (AII.VM-03)2025-12-12185 days freshOpen →
AttestationFY26 AI Vuln Tracking Attestation2025-10-13125 days freshOpen →
TelemetryAI Vuln Tracking Monitoring Dashboard2026-05-2615 days to staleOpen →
StrongAII.VM-04AI vulnerabilities are trackedAI Internally DevelopedAppSec Lead4 items
4 of 6 typesMissing: External Audit, Other
PolicyAI Vuln Tracking Policy (AII.VM-04)2025-08-1465 days freshOpen →
ProcedureAI Vuln Tracking Procedure (AII.VM-04)2026-04-11305 days freshOpen →
AttestationFY26 AI Vuln Tracking Attestation2026-03-12275 days freshOpen →
TelemetryAI Vuln Tracking Monitoring Dashboard2026-06-0828 days to staleOpen →
AdequateAII.VM-05AI bug bounty or coordinated vulnerability disclosure is…AI Internally DevelopedAppSec Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Vuln Tracking Policy (AII.VM-05)2026-02-10245 days freshOpen →
ProcedureAI Vuln Tracking Procedure (AII.VM-05)2025-12-12185 days freshOpen →
WeakAII.VM-06A versioned security evaluation suite gates promotion of AI…AI Internally DevelopedAppSec Lead2 items
1 of 6 typesMissing: Policy, Attestation, Telemetry, External Audit, Other
Procedure(Placeholder) AI Security Evaluation Suite & Promotion Gate — AII.VM-062026-06-14369 days fresh
Placeholder — replace with the versioned evaluation suite + change-control gate definition for AI system promotions.
Procedure(Placeholder) AI Security Evaluation Suite & Promotion Gate — AII.VM-062026-06-14369 days fresh
Placeholder — replace with the versioned eval suite + change-control gate.
AdequateAII.OP-01AI release and deployment processes apply secure release…AI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-01)2025-10-13125 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-01)2025-08-1465 days freshOpen →
AdequateAII.OP-02Runtime AI protection is appliedAI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-02)2026-04-11305 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-02)2026-03-12275 days freshOpen →
AdequateAII.OP-03AI systems are monitoredAI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-03)2026-02-10245 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-03)2025-12-12185 days freshOpen →
AdequateAII.OP-04AI incident response procedures are documented and…AI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-04)2025-10-13125 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-04)2025-08-1465 days freshOpen →
AdequateAII.OP-05AI system BCP / DR procedures are documented and maintainedAI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-05)2026-04-11305 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-05)2026-03-12275 days freshOpen →
AdequateAII.OP-06AI system decommissioning and end-of-life procedures…AI Internally DevelopedChief AI Officer2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyAI Operations Policy (AII.OP-06)2026-02-10245 days freshOpen →
ProcedureAI Operations Procedure (AII.OP-06)2025-12-12185 days freshOpen →
WeakAII.OP-07AI-generated content transparency and provenance…AI Internally DevelopedChief AI Officer2 items
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, Other
Policy(Placeholder) AI Content Transparency & Provenance Policy — AII.OP-072026-06-14369 days fresh
Placeholder — replace with the policy specifying transparency labelling and provenance metadata for AI-generated content.
Policy(Placeholder) AI Content Transparency & Provenance Policy — AII.OP-072026-06-14369 days fresh
Placeholder — replace with the policy on transparency labelling for AI content.
AdequateAII.AG-01Agent authorisation scope is documented and enforcedAI Internally DevelopedAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyInternal AI Agents Policy (AII.AG-01)2025-10-13125 days freshOpen →
ProcedureInternal AI Agents Procedure (AII.AG-01)2025-08-1465 days freshOpen →
AdequateAII.AG-02Human-in-the-loop authorisation is applied to sensitive…AI Internally DevelopedAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyInternal AI Agents Policy (AII.AG-02)2026-04-11305 days freshOpen →
ProcedureInternal AI Agents Procedure (AII.AG-02)2026-03-12275 days freshOpen →
AdequateAII.AG-03Agent activity is logged at action granularityAI Internally DevelopedAI Risk Lead2 items
2 of 6 typesMissing: Attestation, Telemetry, External Audit, Other
PolicyInternal AI Agents Policy (AII.AG-03)2026-02-10245 days freshOpen →
ProcedureInternal AI Agents Procedure (AII.AG-03)2025-12-12185 days freshOpen →
WeakAII.AG-04Agent defences against prompt injectionAI Internally DevelopedAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Agents Policy (AII.AG-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.AG-05Agent frameworks, orchestration, and MCP implementations…AI Internally DevelopedAI Risk Lead1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Agents Policy (AII.AG-05)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.AG-06Emergency suspension and revocation capability for in-house…AI Internally DevelopedAI Risk Lead2 items
1 of 6 typesMissing: Policy, Attestation, Telemetry, External Audit, Other
Procedure(Placeholder) Emergency Suspension Procedure for In-House AI Agents — AII.AG-062026-06-14369 days fresh
Placeholder — replace with the runbook / SOP for suspending and revoking in-house AI agents in an incident.
Procedure(Placeholder) Emergency Suspension Procedure for In-House AI Agents — AII.AG-062026-06-14369 days fresh
Placeholder — replace with the runbook for suspending in-house AI agents.
WeakAII.TA-01AI security training is provided to AI developmentAI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Awareness Training Policy (AII.TA-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.TA-02An AI Security Champion programme is operated to designateAI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyAI Awareness Training Policy (AII.TA-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.US-01Approved in-house AI tools and use cases are defined and…AI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Use Policy (AII.US-01)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.US-02Data exposure to in-house AI tools is governed per AI…AI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Use Policy (AII.US-02)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.US-03AI tool output handling and verification requirements are…AI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Use Policy (AII.US-03)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh
WeakAII.US-04Authentication and account hygiene for in-house AI tools is…AI Internally DevelopedChief AI Officer1 item
1 of 6 typesMissing: Procedure, Attestation, Telemetry, External Audit, OtherStale: Policy
PolicyInternal AI Use Policy (AII.US-04)2025-03-17 stale85 days overdueOpen →
Stale — needs refresh

Priorities

Forward-looking resourcing lens. Two views answer the same question from different angles: where should the next pound or FTE-day go?

Priority Matrix 115

Controls with Gap > 0 plotted by Gap (Y) × Business Impact (X). The top-right cell is the "Act Now" zone — the highest-leverage resourcing decisions.

Low Impact (1-2)
Medium Impact (3)
High Impact (4-5)
High Gap (4+)
0
1
4
ACT NOW
Medium Gap (2-3)
0
8
13
Low Gap (1)
0
26
63

Act Now — Top 4 Controls

Quick Wins 41

Controls where Gap = 1 and Forecast = Target. These are already on track to close before the next review — the easy wins to confirm before the steering meeting.

Total Quick Wins
41
Govern
0
Identify
3
Protect
7
Detect
3
Respond
1
Recover
4
AppSec
11
AI Third Party
3
AI Internally Developed
9

Identify 3

Protect 7

Detect 3

Respond 1

Recover 4

AppSec 11

AI Third Party 3

AI Internally Developed 9

References

All documentation used as reference material in creating the Information Security Management System and ISMS Controls, plus curated industry references for ongoing CISO and ISMS planning.

Reference Material for Control Mapping 38

All sources cited in Control Mappings across the 9 Domains. Order follows the importance hierarchy used across the Core, AppSec, and AI Mapping conventions — certification standards first, then regulations, frameworks, taxonomies, and industry control sets.

ISO/IEC 27001:2022
Information Security Management System certification standard
ISO/IEC 27002:2022
Information security controls — implementation guidance for ISO 27001 Annex A
ISO/IEC 42001:2023
AI Management System certification standard
EU AI Act (Regulation 2024/1689)
EU risk-based regulation for AI systems
EU NIS 2 Directive (2022/2555)
EU cybersecurity baseline for essential and important entities
EU GDPR (Regulation 2016/679)
EU General Data Protection Regulation
EU Cyber Resilience Act (Regulation 2024/2847)
EU security requirements for products with digital elements
NIST CSF 2.0 (2024)
NIST Cybersecurity Framework, six Functions (Govern, Identify, Protect, Detect, Respond, Recover)
NIST AI RMF (AI 100-1, 2023)
AI Risk Management Framework
NIST AI 600-1 (GenAI Profile, 2024)
Generative AI profile of the AI RMF
MITRE ATT&CK
Adversary tactics and techniques knowledge base. Anchors Detect / Respond Controls
MITRE ATLAS
Adversarial Threat Landscape for AI Systems
TISAX (ISA 6)
Trusted Information Security Assessment Exchange — automotive-sector security framework
OECD AI Principles
International principles for trustworthy AI
NIST SP 800-53 Rev. 5 (2020)
Security and privacy controls for federal information systems
NIST SP 800-161 Rev. 1 (2022)
Cybersecurity Supply Chain Risk Management
NIST SP 800-204C (2022)
Implementation of DevSecOps for microservices with service mesh
NIST SSDF (SP 800-218, 2022)
Secure Software Development Framework
NIST SP 800-218A (2024)
SSDF augmentations for AI-augmented development
NIST Privacy Framework v1.0 (2020)
Voluntary privacy risk management framework
CIS Controls v8.1.2
Center for Internet Security prioritised control set
CSA CCM v4.1.0
Cloud Security Alliance Cloud Controls Matrix
CSA AICM
Cloud Security Alliance AI Controls Matrix
CSA Agentic AI Red Teaming Guide
Red-teaming methodology for agentic AI systems
OWASP AI Exchange
Practical guidance on securing AI systems
OWASP AISVS
Artificial Intelligence Security Verification Standard
OWASP Top 10 for LLM Applications
Most critical LLM application security risks
OWASP Top 10 (Web)
Most critical web application security risks
OWASP API Security Top 10
Most critical API security risks
OWASP NHI Top 10
Non-Human Identity top risks
OWASP Mobile Top 10
Most critical mobile application security risks
OWASP ASVS
Application Security Verification Standard
OWASP MASVS
Mobile Application Security Verification Standard
OWASP Proactive Controls
Developer-focused secure coding controls
OWASP DevSecOps Guidelines
Practical DevSecOps guidance
OWASP Cheat Sheet Series
Concise, high-value security advice for developers
OWASP SAMM
Software Assurance Maturity Model
ISO 22301:2019
Business Continuity Management System (cited for AI resilience)

Additional References 12

Reference materials reviewed during ISMS Dashboard creation but not cited in any Control Mapping. Held for drafting context, terminology alignment, or general framing. Alphabetical.

AIVSS for Agentic AI (v0.8)
OWASP AI Vulnerability Scoring System applied to agentic AI core security risks
Berkeley GPAIS Foundation Model Risk Profile
Risk profile for general-purpose AI / foundation models
ENISA Multilayer Framework
European Union Agency for Cybersecurity guidance on multilayer security
ISO 9001:2015 (Quality Management System)
Quality management system requirements; QMS reference for management-system structure
ISO 22989:2022 (AI Terminology)
Information technology — AI — AI concepts and terminology
ISO 31000:2018 (Risk Management)
Risk management — guidelines
ISO/IEC 27005:2022
Information security risk management guidance for the ISMS
ISO/IEC 27035-1:2023
Information security incident management — Part 1: Principles and process
ISO/IEC 27035-2:2023
Information security incident management — Part 2: Guidelines to plan and prepare for incident response
ISO/IEC 38507:2022
Governance implications of the use of artificial intelligence by organizations
ISO/IEC TR 27563:2023
Security and privacy in artificial intelligence use cases — best practices
ISO/IEC TS 4213:2022
Information technology — AI — Assessment of machine learning classification performance

Online Resources 9

Standing-resource organisations a CISO and ISMS function should keep current with. Linked to organisation home pages; alphabetical.

CompTIA
Trade association and certification body for IT, including security
FIRST (Forum of Incident Response and Security Teams)
Global association of CSIRTs
IAPP (International Association of Privacy Professionals)
Privacy professional body and certifications
Information Security Forum (ISF)
Membership-based information security research and benchmarking
ISACA
Professional association for IT governance, risk, audit, and security
ISO (International Organization for Standardization)
Source for ISO/IEC standards used across the ISMS
(ISC)²
Information security certification body (CISSP, CCSP, others)
OWASP (Open Worldwide Application Security Project)
Application and AI security guidance and projects
SANS Institute
Security training, certifications (GIAC), and research

Additional References — News & Analysis 8

Curated industry news sources for ongoing CISO situational awareness.

Dark Reading
Daily security news with depth analysis
The Record (Recorded Future)
Threat-intelligence-driven security reporting
CyberScoop
Federal and enterprise security news
SC Media
Security news, analysis, and CISO perspective
The Hacker News
Cybersecurity news and threat reports
Krebs on Security
Investigative cybersecurity journalism by Brian Krebs
Schneier on Security
Long-running security blog by Bruce Schneier
The Cyberwire
Cyber news, podcasts, and analysis

Additional References — CISO Peer Community 4

Membership-based or invite-only peer communities for CISOs.

IANS Research
Research-driven advisory and peer community for security leaders
Evanta (Gartner)
Executive peer-led community for CISOs
Cybersecurity Collaborative
Membership-based CISO community
CISO Series network
CISO-focused peer content and discussion network

Additional References — Newsletters 5

Free newsletters covering security news, research, and operations.

SANS NewsBites
SANS Institute's free security news digest
Risky Biz News
Daily security news from the Risky Business team
TL;DR sec
Curated security news and resources for practitioners
Return on Security
Business and operational security perspectives
CISO Series
CISO-focused content network

Additional References — Analyst Research 3

Industry analyst houses publishing security and risk research.

Gartner
Industry analyst — security and risk management research
Forrester
Industry analyst — security and risk research
IDC
Industry analyst — IT and security market intelligence

Additional References — Authoritative & Regulatory 7

Government and industry bodies that publish authoritative cybersecurity guidance.

NIST
US National Institute of Standards and Technology &mdash; cybersecurity
ENISA
European Union Agency for Cybersecurity
NCSC (UK)
UK National Cyber Security Centre
CISA
US Cybersecurity & Infrastructure Security Agency
ISACA
Professional association for IT governance, risk, and audit
Cloud Security Alliance
Industry body for cloud security research
WEF Centre for Cybersecurity
World Economic Forum's cybersecurity programme

Additional References — Annual Reports 5

Recurring annual security reports worth tracking year over year.

Verizon DBIR
Verizon Data Breach Investigations Report &mdash; annual
Mandiant M-Trends
Mandiant's annual threat report
CrowdStrike Global Threat Report
Annual threat landscape report
IBM Cost of a Data Breach
Annual breach economics report
ENISA Threat Landscape
Annual EU threat landscape report

Glossary

Common acronyms and terms used throughout the Framework. Sorted alphabetically.

Board Snapshot

One-page executive view as of Q2 2026. Suitable for board packs and stakeholder updates. All figures derive from the live Control Library; numbers refresh whenever scoring is updated.

Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)

Company-Wide Information Security Maturity

Target
6.22
Current
5.76
Gap
0.46
Total Controls
341
At Target
226 (66.3%)
Below Target
115 (33.7%)

Domain Status at a Glance

Top Priorities to Close Before Next Review 5

Largest current gaps that planned activity will not close — these are the candidates for additional resourcing or escalation.

Certification & Regulatory Posture

Where the framework currently stands against the seven tracked compliance standards.

  • ISO 27001: 341 Controls mapped · Avg Current 5.76 · Avg Gap 0.46 · 115 below Target
  • ISO 42001: 89 Controls mapped · Avg Current 5.45 · Avg Gap 0.80 · 40 below Target
  • EU AI Act: 90 Controls mapped · Avg Current 5.44 · Avg Gap 0.80 · 41 below Target
  • EU GDPR: 162 Controls mapped · Avg Current 5.77 · Avg Gap 0.44 · 57 below Target
  • NIS 2: 341 Controls mapped · Avg Current 5.76 · Avg Gap 0.46 · 115 below Target
  • EU CRA: 44 Controls mapped · Avg Current 5.80 · Avg Gap 0.50 · 21 below Target
  • TISAX: 335 Controls mapped · Avg Current 5.79 · Avg Gap 0.44 · 111 below Target

Risk Posture

Residual risk profile after applied Control treatment. Above-Tolerance and Treatment-at-Risk are the escalation candidates.

Total Risks
25
Low
6
Medium
19
High
0
Very High
0
  • Above Tolerance: 0 residual risks rated High or Very High
  • Treatment at Risk: 20 risks whose treating Controls are currently below Target maturity

Top 3 Residual Risks

ISR11Misuse of LLM by employees; vendor model security failures; adversarial inputs (prompt injection)Medium (9)
ISR01External attacker via social engineeringMedium (8)
ISR02Cybercriminal organisation; ransomware operatorMedium (8)

Risk Treatment Progress

Top residual risks with the remediation Actions targeting them. Source of the read-out: Actions tab.

ISR11Misuse of LLM by employees; vendor model security failures; adversarial inputs (prompt injection)Medium (9)No linked Actions
ISR01External attacker via social engineeringMedium (8)0 closed1 in progress0 open0 blocked0%
ISR02Cybercriminal organisation; ransomware operatorMedium (8)0 closed1 in progress0 open0 blocked0%
ISR03Internal user (malicious or accidental); leaving employeeMedium (8)No linked Actions
ISR04Misconfiguration; accidental public exposureMedium (8)0 closed2 in progress0 open0 blocked0%

Maturity vs Effectiveness Pairing

Per Scoring Model v2 Section 7. Top 10 outcome metrics by escalation priority. Of 31 Controls with registered outcome metrics: 10 Attention · 14 Watch · 7 Healthy.

ControlOutcome MetricCurrentTargetStatusMaturity
AII.AG-01% in-house AI systems with current impact assessment71%vs >= 95%AttentionMaturity 4/6
IDE.AM-03Shadow IT items identified per quarter12vs < 5AttentionMaturity 5/6
DET.CM-02Mean time to detect (MTTD), minutes22vs < 15AttentionMaturity 6/7
APS.SC-01% code-scan findings remediated within SLA82%vs 95%AttentionMaturity 6/7
AII.AG-02% in-house AI systems with current risk register64%vs >= 95%AttentionMaturity 5/6
IDE.RA-01% Risks reassessed within cadence78%vs 95%AttentionMaturity 6/6
PRO.AA-02% privileged accounts under JIT73%vs 90%AttentionMaturity 7/7
DET.CM-03MITRE ATT&CK technique coverage67%vs >= 80%AttentionMaturity 7/7
AIT.VR-02% third-party AI tools with executed DPA73%vs 100%AttentionMaturity 7/7
AIT.VR-03% third-party AI tools with risk assessment78%vs 100%AttentionMaturity 6/6

Risk Register

ISO 27001-compliant Risk Register. The Applied Controls field is the bridge to the Control Library — every Risk lists the Framework Controls treating it.

Risk Status Overview

Total Risks
25
Open
22
Accepted
24
Above Tolerance
0
High-Tier Reduction
100%
Inherent 19 → Residual 0

Risk Register Detail 25

Click any Risk to expand its full assessment. All fields conform to the ISO 27001-compliant template.

ISR01External attacker via social engineeringInherent: Very High (20)Residual: Medium (8)
Process: Information Security
Action Owner: Identity & Access Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.10; A.5.15; A.5.17; A.8.5
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-03-15
Review Frequency: Quarterly
Potential Causes: Phishing email evades email gateway; user clicks malicious link; credentials harvested; no MFA on legacy applications; password reuse across services.
Potential Consequences: Unauthorised access to customer data; GDPR fine and mandatory breach notification; reputational damage; loss of customer trust; remediation costs.
Inherent
L 4 × I 5 = 20 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-01 PRO.AA-02 PRO.TA-01 DET.CM-02 GOV.PO-01
Treating Actions 0 of 1 closed · 0%
ACT-009PRO.TA-01Run FY26 mandatory security awareness trainingCISOIn ProgressDue 2026-07-31
ISR02Cybercriminal organisation; ransomware operatorInherent: High (15)Residual: Medium (8)
Process: Information Security
Action Owner: Security Operations Lead
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: −XX
ISO Reference: A.5.30; A.8.7; A.8.13; A.8.16
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-01
Review Frequency: Quarterly
Potential Causes: Initial access via phishing or exposed RDP; lateral movement due to flat network; backups online and encryptable; slow detection of mass file changes.
Potential Consequences: Business operations halted; data permanently lost or held to ransom; significant recovery costs; reputational damage; potential regulatory notification.
Inherent
L 3 × I 5 = 15 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.EP-01 PRO.NS-01 DET.CM-03 REC.RP-01 REC.RP-02 RES.IR-01
Treating Actions 0 of 1 closed · 0%
ACT-037REC.RP-02Annual DR plan tabletop testBusiness Continuity ManagerIn ProgressDue 2026-08-15
ISR03Internal user (malicious or accidental); leaving employeeInherent: High (12)Residual: Medium (8)
Process: Information Security
Action Owner: Insider Risk Lead
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: X−−
ISO Reference: A.5.11; A.6.6; A.8.12
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-10
Review Frequency: Quarterly
Potential Causes: Excessive standing permissions; no Data Loss Prevention; departing employees retain access during notice period; insufficient awareness training on data handling.
Potential Consequences: IP theft; customer data leak; competitive disadvantage; regulatory exposure; potential civil claims.
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-04 PRO.DS-03 DET.CM-01 GOV.RR-01
ISR04Misconfiguration; accidental public exposureInherent: Very High (20)Residual: Medium (8)
Process: Engineering / Cloud Operations
Action Owner: Cloud Security Engineer
Risk Owner: CTO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.23; A.8.9; A.8.32
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-03-20
Review Frequency: Quarterly
Potential Causes: Default permissive settings on new resources; lack of preventive guardrails; manual configuration drift over time; missing Cloud Security Posture Management tooling.
Potential Consequences: Public exposure of customer or internal data; regulatory penalty; reputational damage; mandatory breach notification.
Inherent
L 4 × I 5 = 20 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-03 PRO.NS-02 DET.CM-04 APS.OP-01
Treating Actions 0 of 2 closed · 0%
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMSOC ManagerIn ProgressDue 2026-07-15
ACT-055PRO.AA-03Quarterly access review across Tier-1 systemsIdentity & Access ManagerIn ProgressDue 2026-06-25
ISR05Compromised vendor; software supply chain attackInherent: High (12)Residual: Medium (8)
Process: Procurement / Vendor Management
Action Owner: Vendor Risk Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XXX
ISO Reference: A.5.19; A.5.20; A.5.21; A.5.22
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-05
Review Frequency: Quarterly
Potential Causes: Inadequate vendor due diligence; no contractual security clauses; no ongoing vendor security assessment; limited visibility into vendor sub-processors.
Potential Consequences: Cascading compromise from vendor breach; breach via vendor access; regulatory exposure; reputational damage by association.
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: IDE.SC-01 IDE.SC-02 GOV.RM-02 APS.SC-01
ISR06Internal administrator; compromised admin accountInherent: High (15)Residual: Medium (8)
Process: Information Security
Action Owner: Identity & Access Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.15; A.5.16; A.5.18; A.8.2
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-12
Review Frequency: Quarterly
Potential Causes: Standing privileged access; no Just-In-Time access; weak admin authentication; no privileged access monitoring or session recording.
Potential Consequences: Mass data exposure; system integrity loss; audit findings; potential regulatory action.
Inherent
L 3 × I 5 = 15 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-05 PRO.AA-06 DET.CM-05 GOV.RR-02
Treating Actions 0 of 1 closed · 0%
ACT-056PRO.AA-06Just-In-Time access for production adminIdentity & Access ManagerIn ProgressDue 2026-08-15
ISR07External actor (hacktivist, criminal, competitor)Inherent: Medium (9)Residual: Low (4)
Process: Engineering
Action Owner: Platform Engineering Lead
Risk Owner: CTO
Location: All office and remote working locations
C/I/A: −−X
ISO Reference: A.5.30; A.8.6
Treatment: Mitigate
Status: Complete
Acceptance: Accepted
Accepted Date: 2026-02-28
Review Frequency: Annually
Potential Causes: No DDoS protection at edge; single points of failure; capacity limits unmodelled.
Potential Consequences: Service outage; revenue loss; SLA breach; reputational damage.
Inherent
L 3 × I 3 = 9 · Medium
Residual
L 2 × I 2 = 4 · Low
Applied Controls: PRO.NS-03 PRO.NS-04 DET.CM-06 REC.RP-03
Treating Actions 0 of 1 closed · 0%
ACT-020PRO.NS-03Roll out Zero-Trust network access for contractorsCTOIn ProgressDue 2026-09-30
ISR08External attacker; opportunistic exploitInherent: Very High (16)Residual: Medium (8)
Process: Engineering / Information Security
Action Owner: Vulnerability Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XXX
ISO Reference: A.8.8; A.8.32
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-18
Review Frequency: Monthly
Potential Causes: Slow patching cycle on production systems; incomplete asset inventory; legacy systems out of vendor support.
Potential Consequences: System compromise; data breach; lateral movement; full incident response activation.
Inherent
L 4 × I 4 = 16 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.VM-01 PRO.VM-02 DET.CM-04 IDE.AM-01
Treating Actions 0 of 2 closed · 0%
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMSOC ManagerIn ProgressDue 2026-07-15
ACT-058PRO.VM-02Patch backlog burn-down for legacy estateCTOOpenDue 2026-05-15
ISR09Inadequate data protection processes; data sprawl; lack of awarenessInherent: High (15)Residual: Medium (8)
Process: Legal / Data Protection
Action Owner: Data Protection Officer
Risk Owner: Data Protection Officer
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.34
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-03-30
Review Frequency: Quarterly
Potential Causes: Incomplete personal data inventory; missing data flow maps; no formalised Data Subject Request process; staff untrained on personal data handling.
Potential Consequences: GDPR fine up to 4% global annual turnover; supervisory authority intervention; civil claims; reputational damage.
Inherent
L 3 × I 5 = 15 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: GOV.PO-02 IDE.DI-01 IDE.DI-02 PRO.DS-04
Treating Actions 0 of 2 closed · 0%
ACT-005GOV.PO-02Annual Information Security Policy reviewCISOOpenDue 2026-08-15
ACT-027PRO.DS-04Implement DLP rules for sensitive personal dataDPOIn ProgressDue 2026-07-30
ISR10Advanced persistent attacker; insider; opportunistic intruderInherent: High (12)Residual: Medium (6)
Process: Information Security
Action Owner: SOC Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.8.15; A.8.16
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-22
Review Frequency: Quarterly
Potential Causes: Inadequate log coverage across systems; no SIEM aggregation; alerts not tuned to environment; no 24/7 monitoring coverage.
Potential Consequences: Prolonged breach dwell time; increased blast radius; regulatory exposure for failure to detect; remediation costs.
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 3 = 6 · Medium
Applied Controls: DET.LM-01 DET.LM-02 DET.CM-01 DET.EA-01
ISR11Misuse of LLM by employees; vendor model security failures; adversarial inputs (prompt injection)Inherent: Very High (16)Residual: Medium (9)
Process: AI Programme / Information Security
Action Owner: AI Risk Lead
Risk Owner: CISO; Chief AI Officer
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.34; ISO 42001 Cl. 8
Treatment: Mitigate
Status: In Progress
Acceptance: Pending review
Accepted Date: 2026-04-25
Review Frequency: Quarterly
Potential Causes: Lack of acceptable use policy for AI tools; no model evaluation programme; sensitive data sent to public LLMs; no controls on agent autonomy.
Potential Consequences: Sensitive data exposure to third parties; decisions based on flawed model output; regulatory exposure under EU AI Act; reputational damage.
Inherent
L 4 × I 4 = 16 · Very High
Residual
L 3 × I 3 = 9 · Medium
Applied Controls: AIT.GV-01 AIT.US-01 AII.AG-01 AII.DS-01
ISR12Theft; loss; opportunistic compromiseInherent: Medium (9)Residual: Low (4)
Process: Information Security
Action Owner: Endpoint Security Lead
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: X−−
ISO Reference: A.7.9; A.8.1
Treatment: Mitigate
Status: Complete
Acceptance: Accepted
Accepted Date: 2026-02-15
Review Frequency: Annually
Potential Causes: Lack of Full Disk Encryption on some endpoints; missing Mobile Device Management; no remote wipe capability.
Potential Consequences: Data exposure on stolen device; regulatory breach notification; reputational damage.
Inherent
L 3 × I 3 = 9 · Medium
Residual
L 2 × I 2 = 4 · Low
Applied Controls: PRO.EP-02 PRO.EP-03 PRO.CR-01 GOV.PO-03
ISR13Hardware failure; natural disaster; supplier outage; cyber incidentInherent: Medium (10)Residual: Medium (8)
Process: Information Security / Engineering
Action Owner: Business Continuity Manager
Risk Owner: CTO
Location: All office and remote working locations
C/I/A: −XX
ISO Reference: A.5.29; A.5.30
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-08
Review Frequency: Annually
Potential Causes: No tested Disaster Recovery plan; single region/AZ deployment for critical workloads; no documented failover; no comms plan for extended outage.
Potential Consequences: Extended downtime; significant revenue loss; contractual penalties; customer churn; potential business viability concerns.
Inherent
L 2 × I 5 = 10 · Medium
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: REC.RP-01 REC.RP-04 REC.RV-01 RES.IC-01
ISR14Key compromise; key loss; weak key generationInherent: Medium (10)Residual: Low (4)
Process: Engineering / Cryptography
Action Owner: Cryptography Engineering Lead
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XXX
ISO Reference: A.8.24
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-03-25
Review Frequency: Annually
Potential Causes: Manual key handling; no Hardware Security Module; absent or infrequent key rotation; key reuse across environments.
Potential Consequences: Data exposure if keys compromised; permanent data loss if keys lost; audit findings; certification jeopardy.
Inherent
L 2 × I 5 = 10 · Medium
Residual
L 1 × I 4 = 4 · Low
Applied Controls: PRO.CR-01 PRO.CR-02 PRO.CR-03 GOV.PO-04
Treating Actions 0 of 1 closed · 0%
ACT-019PRO.CR-02Migrate legacy crypto to HSM-backed keysCTOIn ProgressDue 2026-08-15
ISR15Former employee; contractor offboarding gapInherent: High (12)Residual: Medium (8)
Process: Human Resources / Information Security
Action Owner: Identity & Access Manager
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.5.11; A.6.5; A.8.18
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-15
Review Frequency: Quarterly
Potential Causes: Manual offboarding process; missing SaaS in offboarding scope; delayed HR notification of leavers; shared accounts retained.
Potential Consequences: Data exfiltration by former employee; IP theft; competitive damage; regulatory exposure.
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-07 PRO.AA-04 GOV.RR-03 IDE.AM-02
Treating Actions 1 of 1 closed · 100%
ACT-063IDE.AM-02Decommission EOL Windows Server 2012R2 instancesCIOCompleteDue 2026-05-01
ISR16Improperly configured cloud resources (storage buckets, IAM roles, network ACLs) expose sensitive dataInherent: Very High (20)Residual: Medium (8)
Process: Cloud Operations / Information Security
Action Owner: Cloud Security Engineer
Risk Owner: CTO
Location: Cloud and remote working locations
C/I/A: X−−
ISO Reference: A.5.23; A.8.9; A.8.12
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-05-20
Review Frequency: Quarterly
Potential Causes: Manual configuration; configuration drift; insufficient peer review of IaC; no CSPM tooling
Potential Consequences: Data exposure of customer or internal records; GDPR fines; reputational damage; loss of customer trust
Inherent
L 4 × I 5 = 20 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.IP-04 IDE.AM-08 DET.CM-01 PRO.AA-04
ISR17Targeted phishing campaign harvests employee credentials leading to account takeover and lateral movementInherent: Very High (20)Residual: Medium (8)
Process: Information Security / HR
Action Owner: Security Awareness Lead
Risk Owner: CISO
Location: All office and remote working locations
C/I/A: XX−
ISO Reference: A.6.3; A.8.5; A.5.10
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-10
Review Frequency: Quarterly
Potential Causes: Insufficient awareness training; weak email filtering; lack of phishing simulations; absence of MFA on legacy systems
Potential Consequences: Unauthorised access to corporate systems; data breach; downstream supply chain compromise
Inherent
L 5 × I 4 = 20 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: PRO.AA-03 PRO.AA-05 PRO.AA-07 PRO.EM-02 PRO.EM-03 PRO.EM-05 PRO.TA-01 PRO.TA-02 PRO.TA-04 PRO.TA-06 DET.CM-02 DET.CM-04
Treating Actions 0 of 4 closed · 0%
ACT-009PRO.TA-01Run FY26 mandatory security awareness trainingCISOIn ProgressDue 2026-07-31
ACT-016PRO.EM-02Implement DKIM/DMARC enforcement on legacy subdomainsCIOOpenDue 2026-09-15
ACT-028DET.CM-04Onboard 4 new log sources into Splunk SIEMSOC ManagerIn ProgressDue 2026-07-15
ACT-055PRO.AA-03Quarterly access review across Tier-1 systemsIdentity & Access ManagerIn ProgressDue 2026-06-25
ISR18Ransomware encrypts production systems and lateral spread defeats backup recoveryInherent: Very High (20)Residual: Medium (8)
Process: Information Security / IT Operations
Action Owner: SOC Manager
Risk Owner: CIO
Location: Data centres and cloud workloads
C/I/A: XXX
ISO Reference: A.5.29; A.8.13; A.8.16
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-05-05
Review Frequency: Quarterly
Potential Causes: Unpatched systems; weak endpoint protection; insufficient backup testing; flat network
Potential Consequences: Operational shutdown; ransom demand; reputational damage; legal liability; insurance impact
Inherent
L 4 × I 5 = 20 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: DET.CM-05 RES.AN-02 REC.RP-01 PRO.IP-09 REC.RP-04
Treating Actions 0 of 1 closed · 0%
ACT-036RES.AN-02Implement enriched alert triage in SOARIncident Response LeadBlockedDue 2026-08-30
ISR19Critical SaaS vendor suffers breach exposing Company data or servicesInherent: High (15)Residual: Medium (8)
Process: Vendor Management / Information Security
Action Owner: Vendor Risk Manager
Risk Owner: CISO
Location: Third-party SaaS environments
C/I/A: X−−
ISO Reference: A.5.19; A.5.20; A.5.21
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-03-15
Review Frequency: Quarterly
Potential Causes: Inadequate vendor assessment; lack of continuous monitoring; weak contractual SLAs; no exit plan
Potential Consequences: Data exposure; supply chain risk realisation; regulatory scrutiny; service disruption
Inherent
L 3 × I 5 = 15 · High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: AIT.VR-01 AIT.GV-04 AIT.IR-01
ISR20Volumetric DDoS attack causes prolonged customer-facing service outageInherent: High (12)Residual: Low (3)
Process: Network Operations / Information Security
Action Owner: Network Security Engineer
Risk Owner: CTO
Location: Internet-facing services
C/I/A: −−X
ISO Reference: A.8.20; A.8.21; A.5.30
Treatment: Mitigate
Status: Completed
Acceptance: Accept (post-treatment)
Accepted Date: 2026-02-10
Review Frequency: Annual
Potential Causes: Insufficient DDoS protection; flat network architecture; no traffic baselining; weak CDN coverage
Potential Consequences: Customer services unavailable; SLA breaches; revenue loss; reputational impact
Inherent
L 3 × I 4 = 12 · High
Residual
L 1 × I 3 = 3 · Low
Applied Controls: PRO.IP-09 DET.CM-01 RES.RP-01
ISR21Privileged user (administrator, developer) intentionally or negligently misuses accessInherent: Medium (10)Residual: Low (4)
Process: Information Security / HR
Action Owner: Insider Threat Lead
Risk Owner: CISO
Location: Internal systems with privileged access
C/I/A: XXX
ISO Reference: A.5.15; A.8.2; A.5.16
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-05-12
Review Frequency: Quarterly
Potential Causes: Insufficient monitoring of privileged actions; weak separation of duties; lack of UEBA; absence of just-in-time elevation
Potential Consequences: Data exfiltration; integrity damage to systems or records; service disruption
Inherent
L 2 × I 5 = 10 · Medium
Residual
L 1 × I 4 = 4 · Low
Applied Controls: PRO.AA-04 PRO.AA-05 DET.CM-07 GOV.RR-04
Treating Actions 0 of 1 closed · 0%
ACT-004GOV.RR-04Document segregation-of-duties matrixCISOBlockedDue 2026-09-01
ISR22AI system generates harmful, biased, or factually incorrect output that influences business decisions or customer interactionsInherent: Very High (16)Residual: Medium (8)
Process: AI Operations / Information Security
Action Owner: AI Risk Manager
Risk Owner: Chief AI Officer
Location: AI systems (in-house and third-party)
C/I/A: −X−
ISO Reference: ISO 42001 6.1.2; EU AI Act Art. 9, 15
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-06-01
Review Frequency: Quarterly
Potential Causes: Insufficient model evaluation; lack of guardrails; absence of human-in-the-loop for sensitive decisions; no provenance metadata
Potential Consequences: Reputational damage; regulatory action (EU AI Act); biased decision outcomes; customer harm
Inherent
L 4 × I 4 = 16 · Very High
Residual
L 2 × I 4 = 8 · Medium
Applied Controls: AII.AG-02 AII.OP-07 AII.VM-06 AIT.AG-02 GOV.RR-08
Treating Actions 0 of 2 closed · 0%
ACT-022AIT.AG-02Vendor AI agent inventory baselineChief AI OfficerIn ProgressDue 2026-07-30
ACT-050AII.AG-02Audit human-in-the-loop checks for high-risk agentsAI Risk LeadIn ProgressDue 2026-07-15
ISR23Regulatory reporting (GDPR breach notification, NIS 2 incident reporting) missed or incomplete within mandatory timeframesInherent: High (12)Residual: Medium (6)
Process: Compliance / Legal
Action Owner: Compliance Manager
Risk Owner: General Counsel
Location: Group-wide
C/I/A: −X−
ISO Reference: GDPR Art. 33-34; NIS 2 Art. 23
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-22
Review Frequency: Annual
Potential Causes: Inadequate incident classification; manual reporting processes; unclear regulatory deadlines; absence of tabletop testing
Potential Consequences: Regulatory penalties; loss of operating authorisation; reputational damage; civil action
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 3 = 6 · Medium
Applied Controls: GOV.OV-02 GOV.OV-03 RES.GV-02
Treating Actions 1 of 1 closed · 100%
ACT-007GOV.OV-03Q3 ISMS Steering Committee agenda templateCISOCompleteDue 2026-05-15
ISR24Malicious code injected into open-source library used in production applicationInherent: High (12)Residual: Medium (6)
Process: Software Development / AppSec
Action Owner: AppSec Lead
Risk Owner: CTO
Location: Software supply chain
C/I/A: XXX
ISO Reference: A.5.21; A.8.30; A.8.29
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-05-30
Review Frequency: Quarterly
Potential Causes: Insufficient SBOM management; lack of dependency scanning; weak signing verification; reliance on transitive dependencies without audit
Potential Consequences: Data exposure; backdoor access; potential customer impact; mandatory disclosure obligation
Inherent
L 3 × I 4 = 12 · High
Residual
L 2 × I 3 = 6 · Medium
Applied Controls: APS.SD-04 APS.SD-05 APS.GV-04 IDE.SC-04
Treating Actions 0 of 1 closed · 0%
ACT-040APS.SD-04Roll out Snyk SAST to all main repositoriesAppSec LeadIn ProgressDue 2026-07-31
ISR25Backups corrupted, encrypted by attacker, or unable to restore in a real recovery scenarioInherent: Medium (10)Residual: Low (4)
Process: IT Operations / Business Continuity
Action Owner: Backup Operations Lead
Risk Owner: CIO
Location: Data centres and cloud storage
C/I/A: −XX
ISO Reference: A.8.13; A.5.30
Treatment: Mitigate
Status: In Progress
Acceptance: Accept (post-treatment)
Accepted Date: 2026-04-08
Review Frequency: Quarterly
Potential Causes: Insufficient backup integrity testing; encryption keys not separately stored; immutability gaps; absence of restore drills
Potential Consequences: Inability to recover from incident; extended downtime; permanent data loss; reputational damage
Inherent
L 2 × I 5 = 10 · Medium
Residual
L 1 × I 4 = 4 · Low
Applied Controls: REC.RP-01 REC.RP-04 PRO.IP-04 IDE.AM-07

Top 5 Residual Risks

Highest residual rating after applied Controls. These are the open risks that warrant the most management attention.

ISR11Misuse of LLM by employees; vendor model security failures; adversarial inputs (prompt injection)Medium (9)AIT.GV-01 AIT.US-01 AII.AG-01 AII.DS-01
ISR01External attacker via social engineeringMedium (8)PRO.AA-01 PRO.AA-02 PRO.TA-01 DET.CM-02 GOV.PO-01
ISR04Misconfiguration; accidental public exposureMedium (8)PRO.AA-03 PRO.NS-02 DET.CM-04 APS.OP-01
ISR16Improperly configured cloud resources (storage buckets, IAM roles, network ACLs) expose sensitive dataMedium (8)PRO.IP-04 IDE.AM-08 DET.CM-01 PRO.AA-04
ISR17Targeted phishing campaign harvests employee credentials leading to account takeover and lateral movementMedium (8)PRO.AA-03 PRO.AA-05 PRO.AA-07 PRO.EM-02 PRO.EM-03 PRO.EM-05 PRO.TA-01 PRO.TA-02 PRO.TA-04 PRO.TA-06 DET.CM-02 DET.CM-04

Risk Distribution

Inherent and residual risk distribution across the 5×5 likelihood × impact matrix.

Inherent Risk Distribution

Inherent
Impact 1
Impact 2
Impact 3
Impact 4
Impact 5
Likelihood 5
1
Likelihood 4
3
4
Likelihood 3
2
7
4
Likelihood 2
4
Likelihood 1

Residual Risk Distribution

Residual
Impact 1
Impact 2
Impact 3
Impact 4
Impact 5
Likelihood 5
Likelihood 4
Likelihood 3
1
Likelihood 2
2
3
15
Likelihood 1
1
3

GRC Mapping

Framework Controls mapped to seven governance, risk, and compliance standards. Each section lists the Controls that satisfy that standard, with current maturity and gap. Click any Control ID for its full details.

Certification & Regulatory Posture

Per-standard certification status, issuing body, and the next milestone with countdown. Sample data — the workbook will own these values in a future release.

Standard
Type
Status
Certificate
Issuer
Issued
Expires
Next Milestone
Countdown
ISO 27001
Certification
Active
IS 9876543
BSI
2024-09-15
2027-09-14
Year 2 Surveillance Audit
2026-09-15
97 days
ISO 42001
Certification
In Progress
BSI (targeted)
Stage 1 Audit (target)
2026-12-01
174 days
EU AI Act
Regulation
Gap Analysis
Annex III obligations apply
2026-08-02
53 days
EU GDPR
Regulation
Compliant
Annual DPIA Review
2026-09-30
112 days
NIS 2
Regulation
In Scope (Essential)
National CSIRT
First annual incident report due
2026-12-31
204 days
EU CRA
Regulation
Preparing
Vulnerability reporting obligations begin
2026-09-11
93 days
TISAX
Certification (Automotive)
Active (AL3)
TX-2024-0512-V3
DEKRA
2024-05-12
2027-05-11
Renewal Assessment
2027-05-12
336 days

Regulatory & Audit Deadline Calendar

Upcoming regulatory enforcement dates and audit milestones, soonest first.

Aug 2026
2026-08-02
EU AI Act
High-Risk AI (Annex III) obligations apply
HIGH
53 days
Sep 2026
2026-09-11
EU CRA
Vulnerability reporting obligations begin
HIGH
93 days
Sep 2026
2026-09-15
ISO 27001
Year 2 Surveillance Audit (BSI)
MEDIUM
97 days
Sep 2026
2026-09-30
EU GDPR
Annual DPIA Review
MEDIUM
112 days
Dec 2026
2026-12-01
ISO 42001
Stage 1 Certification Audit (target)
MEDIUM
174 days
Dec 2026
2026-12-31
NIS 2
First annual incident report due
MEDIUM
204 days
May 2027
2027-05-12
TISAX
TISAX Renewal Assessment
MEDIUM
336 days
Aug 2027
2027-08-02
EU AI Act
High-Risk AI (Annex I) obligations apply
MEDIUM
418 days
Sep 2027
2027-09-15
ISO 27001
Year 3 Recertification Audit
HIGH
462 days
Dec 2027
2027-12-11
EU CRA
CRA full application
HIGH
549 days
Healthy (Gap ≤ 0.49)Watch (Gap 0.50–1.25)Attention (Gap > 1.25)
ISO 27001
5.76
341 Controls mapped
Avg Gap 0.46
ISO 42001
5.45
89 Controls mapped
Avg Gap 0.80
EU AI Act
5.44
90 Controls mapped
Avg Gap 0.80
EU GDPR
5.77
162 Controls mapped
Avg Gap 0.44
NIS 2
5.76
341 Controls mapped
Avg Gap 0.46
EU CRA
5.80
44 Controls mapped
Avg Gap 0.50
TISAX
5.79
335 Controls mapped
Avg Gap 0.44

ISO 27001 341

ISO/IEC 27001:2022 - Information Security Management System (ISMS) certification standard.

Mapped Controls
341
Avg Current
5.76
Avg Target
6.22
Avg Gap
0.46
Controls Below Target
115
GOV.OC-01ISMS scope is definedCl. 4.3Target6Current6Gap0GOV.OC-02Internal and external issues relevant to information…Cl. 4.1Target6Current6Gap0GOV.OC-03Interested partiesCl. 4.2; A.5.5; A.5.6; A.5.31Target6Current6Gap0GOV.OC-04Critical dependencies and mission-critical capabilities are…Cl. 4.1; Cl. 4.3; A.5.29; A.5.30Target6Current6Gap0GOV.LE-01A legal, statutory, regulatory, and contractual…Cl. 4.2; Cl. 4.4; A.5.31Target6Current6Gap0GOV.LE-02Regulatory engagementCl. 7.4; A.5.5; A.5.6Target6Current6Gap0GOV.LE-03Intellectual property rightsA.5.32Target6Current5Gap1GOV.LE-04Records and information lifecycle obligationsA.5.33; A.5.34; A.8.10Target6Current6Gap0GOV.RM-01Information security risk management methodology and…Cl. 6.1.1; Cl. 6.1.2; Cl. 6.1.3Target6Current6Gap0GOV.RM-02Information security risk appetite and risk tolerance are…Cl. 6.1.2; Cl. 6.1.3Target6Current6Gap0GOV.RM-03Information security risks are identifiedCl. 6.1.2; Cl. 8.2Target6Current6Gap0GOV.RM-04Risk treatment optionsCl. 6.1.3; Cl. 8.3Target6Current6Gap0GOV.RM-05Information security risk management is integrated with…Cl. 4.4; Cl. 6.1.1Target6Current6Gap0GOV.RR-01Information security leadershipCl. 5.1; Cl. 5.3; A.5.2; A.5.4Target6Current6Gap0GOV.RR-02Information security roles and responsibilities for Company…Cl. 5.3; A.5.2; A.5.4; A.6.2; A.6.3Target6Current6Gap0GOV.RR-03Segregation of duties for security-sensitive activities is…A.5.3Target6Current5Gap1GOV.RR-04Personnel screening commensurate with role sensitivity is…A.6.1Target6Current6Gap0GOV.RR-05Confidentiality and non-disclosure obligations are…A.6.6Target6Current6Gap0GOV.RR-06Workforce conduct expectations and the disciplinary process…A.6.2; A.6.4Target6Current6Gap0GOV.RR-07Personnel onboardingA.5.11; A.6.1; A.6.2; A.6.5Target6Current5Gap1GOV.RR-08A cross-functional AI governance forum is established with…Cl. 5.3; A.5.2; A.5.4Target6Current2Gap4GOV.PO-01Information security policy architectureCl. 5.2; A.5.1Target6Current6Gap0GOV.PO-02Information security policies and supporting documents are…Cl. 5.2; Cl. 9.3; A.5.1Target6Current6Gap0GOV.PO-03Information security policies are communicated to personnel…Cl. 7.4; A.5.1; A.6.3Target6Current6Gap0GOV.PO-04Exceptions to information security policies are formally…Cl. 6.1.3; A.5.1; A.5.36Target6Current6Gap0GOV.RE-01Information security resourcing requirementsCl. 7.1Target6Current6Gap0GOV.RE-02Competence requirements for information security personnel…Cl. 7.2; A.6.3Target6Current6Gap0GOV.RE-03External expertiseCl. 7.1; A.5.19; A.5.20Target6Current6Gap0GOV.OV-01Information security key performance and key risk…Cl. 9.1Target6Current6Gap0GOV.OV-02ISMS performance is evaluated against defined objectivesCl. 9.1; Cl. 9.3Target6Current6Gap0GOV.OV-03Board of Directors and Executive Team are updated on…Cl. 5.1; Cl. 9.3Target6Current5Gap1GOV.OV-04Management review of the ISMS is conducted at defined…Cl. 9.3Target6Current6Gap0GOV.OV-05Continual improvement of the ISMS is governed through…Cl. 10.1; Cl. 10.2Target7Current6Gap1GOV.OV-06Per-Control maturity is scored against the Company's…Cl. 9.1Target7Current7Gap0GOV.AC-01Internal audit programme for the ISMS is established with…Cl. 9.2; A.5.35Target6Current6Gap0GOV.AC-02Independent reviews of information security are conducted…Cl. 9.2; A.5.35; A.5.36Target6Current5Gap1GOV.AC-03External audits and certification assessmentsCl. 9.2; A.5.35Target6Current6Gap0GOV.AC-04Audit findings, observations, and recommendations are…Cl. 10.2; A.5.35Target6Current6Gap0IDE.AM-01Asset management policyCl. 5.2; A.5.9; A.5.10Target6Current6Gap0IDE.AM-02Assets are classified using the Company's classification…A.5.12; A.5.13Target6Current6Gap0IDE.AM-03Service assets — including domain management, cloud…A.5.9; A.5.23Target6Current5Gap1IDE.AM-04Application assetsA.5.9; A.8.19Target6Current5Gap1IDE.AM-05Network assets — including network components, segments…A.5.9; A.8.20; A.8.22Target6Current6Gap0IDE.AM-06Endpoint assets — including company-managed devices — are…A.5.9; A.8.1Target6Current6Gap0IDE.AM-07Asset integrationsA.5.9; A.5.14Target6Current4Gap2IDE.AM-08Assets are managed throughout their lifecycleA.5.9; A.5.11; A.7.10; A.7.14; A.8.10Target6Current6Gap0IDE.DI-01Data inventory and records of processing policyCl. 5.2; A.5.9; A.5.34Target6Current6Gap0IDE.DI-02Data assets are inventoried by categoryA.5.9; A.5.12; A.5.13Target6Current6Gap0IDE.DI-03Personal data and special-category data are identifiedA.5.34Target6Current5Gap1IDE.DI-04Records of processing activitiesA.5.34Target6Current6Gap0IDE.DI-05Data flows across the asset estateA.5.14; A.5.34Target6Current5Gap1IDE.DI-06Data discovery activities are performed to detect…A.5.9; A.8.12Target6Current5Gap1IDE.BI-01Business impact analysis policyCl. 5.2; A.5.29; A.5.30Target6Current6Gap0IDE.BI-02Critical business functions and the assetsA.5.29; A.5.30Target6Current6Gap0IDE.BI-03Crown-jewel assetsA.5.9; A.5.12; A.5.29Target6Current6Gap0IDE.BI-04Business impact tolerancesA.5.29; A.5.30Target6Current6Gap0IDE.BI-05Business impact analysis outputs inform protection…A.5.29; A.5.30Target6Current6Gap0IDE.ES-01External attack surface management policyCl. 5.2; A.5.7; A.5.9Target6Current6Gap0IDE.ES-02Internet-exposed assetsA.5.9; A.8.16; A.8.20Target7Current6Gap1IDE.ES-03Shadow IT and unmanaged assets are detected and reconciled…A.5.9; A.5.23; A.8.19Target6Current6Gap0IDE.ES-04Brand-related external exposureA.5.7; A.5.9Target6Current4Gap2IDE.ES-05External attack surface findings are prioritisedA.5.7; A.8.8; A.8.16Target7Current6Gap1IDE.RA-01The information security risk assessment programmeCl. 6.1.2; Cl. 8.2Target6Current6Gap0IDE.RA-02Threat inputs from IDE.TMCl. 6.1.2; A.5.7; A.8.8Target7Current6Gap1IDE.RA-03Information security risks are analysed for likelihood and…Cl. 6.1.2; Cl. 8.2Target7Current7Gap0IDE.RA-04Project-level, change-level, and onboarding-level risk…Cl. 6.1.2; A.5.19; A.8.25Target6Current5Gap1IDE.RA-05Risk assessment outputs are recordedCl. 6.1.2; Cl. 6.1.3; Cl. 8.2; Cl. 8.3Target7Current7Gap0IDE.TM-01Threat management policyCl. 5.2; A.5.6; A.5.7Target6Current6Gap0IDE.TM-02External and internal threat intelligence is collected from…A.5.7Target6Current4Gap2IDE.TM-03The threat landscape and threat actor profile relevant to…A.5.7Target6Current6Gap0IDE.TM-04AI-specific threat intelligence sourcesA.5.7Target6Current4Gap2IDE.TM-05Threat intelligence outputs are disseminated to risk…Cl. 7.4; A.5.7Target7Current5Gap2IDE.SC-01Supply chain risk management policyCl. 5.2; A.5.19; A.5.20; A.5.21Target6Current6Gap0IDE.SC-02Suppliers and other third parties are inventoriedA.5.19; A.5.21Target7Current7Gap0IDE.SC-03Pre-engagement supplier due diligenceA.5.19; A.5.21; A.5.23Target6Current6Gap0IDE.SC-04Supplier contracts and onboarding establish information…A.5.20; A.5.21Target7Current7Gap0IDE.SC-05Supplier security posture is monitored throughout the…A.5.22Target7Current7Gap0IDE.SC-06Supplier termination and offboarding are governed by…A.5.11; A.5.22; A.8.10Target6Current5Gap1IDE.SC-07Supply chain risk management outcomes inform improvement of…Cl. 10.1; A.5.19; A.5.22Target7Current7Gap0PRO.AA-01Identity and access management policyCl. 5.2; A.5.15; A.5.16Target6Current6Gap0PRO.AA-02Identities are managed throughout their lifecycleA.5.16; A.5.18Target7Current7Gap0PRO.AA-03Authentication mechanisms are commensurate with sensitivityA.5.17; A.8.5Target6Current6Gap0PRO.AA-04Access is granted on the principles of least privilege and…A.5.15; A.5.18; A.8.3Target6Current5Gap1PRO.AA-05Privileged access is governed under additional safeguardsA.5.15; A.8.2Target6Current5Gap1PRO.AA-06Federated identityA.5.16; A.5.17; A.8.5Target7Current7Gap0PRO.AA-07Authentication credentialsA.5.17; A.8.5; A.8.24Target7Current6Gap1PRO.DS-01Data security policyCl. 5.2; A.5.10; A.5.34Target6Current6Gap0PRO.DS-02Data handling requirements per classificationA.5.10; A.5.12; A.5.13; A.5.14; A.8.3Target6Current5Gap1PRO.DS-03Data at rest is protected through encryption proportionate…A.5.34; A.7.10; A.8.24Target6Current6Gap0PRO.DS-04Data in transit is protected through encryption…A.5.14; A.8.20; A.8.24Target6Current6Gap0PRO.DS-05Data leakage prevention is applied across endpointsA.5.14; A.8.12; A.8.16Target6Current6Gap0PRO.DS-06Data masking, pseudonymisation, and tokenisation are…A.5.34; A.8.11; A.8.33Target6Current6Gap0PRO.DS-07Data retention, archival, and lawful disposal are governed…A.5.33; A.5.34; A.7.14; A.8.10Target7Current7Gap0PRO.DS-08Data backup is performedA.8.13; A.8.14Target6Current5Gap1PRO.CR-01Cryptography policyCl. 5.2; A.8.24Target6Current6Gap0PRO.CR-02Cryptographic algorithmsA.8.24Target6Current6Gap0PRO.CR-03Key management — generation, storage, distribution…A.8.24Target6Current6Gap0PRO.CR-04Public key infrastructure and digital certificates are…A.5.17; A.8.24Target6Current6Gap0PRO.CR-05Cryptographic agility and post-quantum readiness are…A.8.24Target6Current6Gap0PRO.PS-01Platform and configuration security policyCl. 5.2; A.8.9Target6Current6Gap0PRO.PS-02Operating system and platform configurations are hardened…A.8.9Target6Current6Gap0PRO.PS-03Cloud platform and SaaS configurations are governed under…A.5.23; A.8.9Target6Current5Gap1PRO.PS-04Software installationA.8.19; A.8.32Target6Current6Gap0PRO.PS-05Configuration changes to platforms and infrastructure are…A.8.32Target6Current6Gap0PRO.PS-06Anti-malware and platform-level threat protection are…A.8.7Target6Current6Gap0PRO.NS-01Network security policyCl. 5.2; A.8.20; A.8.21Target6Current6Gap0PRO.NS-02Network segmentation isolates environmentsA.8.20; A.8.22Target6Current4Gap2PRO.NS-03Perimeter protectionA.8.20; A.8.23Target7Current7Gap0PRO.NS-04Domain Name SystemA.8.17; A.8.20; A.8.21Target6Current6Gap0PRO.NS-05Remote access and VPN are governed under defined standardsA.6.7; A.8.20Target6Current6Gap0PRO.EM-01Email and messaging security policyCl. 5.2; A.5.14; A.8.23Target6Current5Gap1PRO.EM-02Email security serviceA.5.14; A.8.7; A.8.23Target6Current5Gap1PRO.EM-03Email protocol-level safeguardsA.5.14; A.8.24Target6Current6Gap0PRO.EM-04Messaging and collaboration platform securityA.5.14; A.5.23; A.8.12Target6Current5Gap1PRO.EM-05Impersonation, lookalike-domain, and brand-related email…A.5.7; A.5.14; A.8.23Target7Current7Gap0PRO.EP-01Endpoint security policyCl. 5.2; A.8.1Target6Current6Gap0PRO.EP-02Endpoint protectionA.8.1; A.8.7Target6Current5Gap1PRO.EP-03Mobile device management is applied to company-managed and…A.8.1Target6Current4Gap2PRO.EP-04Endpoint encryption is applied to in-scope devices…A.7.10; A.8.1; A.8.24Target7Current7Gap0PRO.EP-05Endpoint lifecycleA.5.11; A.7.14; A.8.1; A.8.10Target7Current6Gap1PRO.IR-01Physical and environmental protection policyCl. 5.2; A.7.1; A.7.5Target6Current6Gap0PRO.IR-02Physical access to facilitiesA.7.1; A.7.2; A.7.3; A.7.4; A.7.6Target7Current7Gap0PRO.IR-03Environmental threatsA.7.5; A.7.11; A.7.12Target6Current4Gap2PRO.IR-04Equipment siting, maintenance, and supporting utilities are…A.7.8; A.7.11; A.7.12; A.7.13Target6Current6Gap0PRO.IR-05Remote working and offsite use of Company assets are…A.6.7; A.7.9Target6Current6Gap0PRO.IR-06Clear desk, clear screen, and storage media handling are…A.7.7; A.7.10Target7Current7Gap0PRO.IR-07Infrastructure capacity and resource adequacy are monitoredA.8.6Target6Current4Gap2PRO.IR-08Resilience mechanismsA.5.29; A.5.30; A.8.14Target6Current6Gap0PRO.VM-01Vulnerability management policyCl. 5.2; A.8.8Target6Current6Gap0PRO.VM-02Vulnerability discoveryA.8.8; A.8.29Target6Current6Gap0PRO.VM-03Vulnerabilities are prioritised based on severityA.8.8Target7Current7Gap0PRO.VM-04Vulnerabilities are remediated through patchingA.8.8; A.8.32Target6Current5Gap1PRO.VM-05Vulnerability exceptions are formally requestedA.5.36; A.8.8Target7Current6Gap1PRO.VM-06Coordinated vulnerability disclosure and external…A.5.7; A.8.8Target6Current6Gap0PRO.TA-01Training and awareness policyCl. 5.2; Cl. 7.2; Cl. 7.3; A.6.3Target6Current6Gap0PRO.TA-02General information security training is provided to all…A.6.3Target6Current5Gap1PRO.TA-03Role-specific information security training is provided to…Cl. 7.2; A.6.3Target6Current5Gap1PRO.TA-04Phishing and social engineering simulation programmes are…A.6.3; A.8.16Target6Current4Gap2PRO.TA-05Security champion networks are established across functions…Cl. 5.3; A.6.3Target6Current5Gap1PRO.TA-06Training effectiveness is measuredCl. 9.1; A.6.3Target6Current4Gap2DET.GV-01Detection and monitoring policyCl. 5.2; A.5.7; A.8.16Target6Current6Gap0DET.GV-02Detection capabilityCl. 7.1; A.5.24; A.8.16Target6Current5Gap1DET.GV-03Detection coverage is mapped against MITRE ATT&CK…A.5.7; A.8.16Target6Current6Gap0DET.GV-04Detection effectivenessA.5.36; A.8.29; A.8.34Target6Current6Gap0DET.LM-01Logging policy, scope, and standards are documented…Cl. 5.2; A.8.15Target6Current6Gap0DET.LM-02Logs are generated across in-scope assets covering…A.8.15; A.8.17Target7Current6Gap1DET.LM-03Logs are aggregated to a central platform with sufficient…A.8.15; A.8.16Target6Current6Gap0DET.LM-04Log integrity is protectedA.5.33; A.8.15Target6Current6Gap0DET.LM-05Sensitive data accessA.8.2; A.8.15Target7Current6Gap1DET.CM-01Monitoring scope, signal sources, and tooling are defined…Cl. 5.2; A.8.16Target6Current6Gap0DET.CM-02Endpoint and identity monitoring captures EDRA.8.16Target7Current6Gap1DET.CM-03Network and cloud workload monitoring captures perimeterA.8.16; A.8.20Target7Current7Gap0DET.CM-04Data, application, and messaging monitoring captures DLP…A.8.12; A.8.16Target7Current7Gap0DET.CM-05Physical and environmental monitoring captures facility…A.7.4; A.7.5; A.8.16Target6Current6Gap0DET.CM-06Insider threat and user behaviour analytics monitor for…A.6.8; A.8.15; A.8.16Target6Current6Gap0DET.DE-01Detection content lifecycleCl. 5.2; A.5.7; A.8.16Target6Current6Gap0DET.DE-02Detection content is informed by threat intelligence per…A.5.7; A.8.16Target6Current6Gap0DET.DE-03Detection content is version-controlledA.8.16; A.8.32Target6Current6Gap0DET.DE-04Detection content effectivenessCl. 9.1; A.8.16Target7Current7Gap0DET.EA-01Alert triage processesA.5.25; A.6.8; A.8.16Target6Current6Gap0DET.EA-02Alerts are correlated across signal sources to identify…A.5.25; A.8.16Target6Current6Gap0DET.EA-03Investigation procedures define evidence handlingA.5.25; A.5.28; A.8.16Target6Current6Gap0DET.EA-04Confirmed incidents are escalated to incident response per…A.5.25; A.5.26; A.6.8Target7Current7Gap0DET.TH-01Threat hunting programmeCl. 5.2; A.5.7; A.8.16Target6Current6Gap0DET.TH-02Hunts are informed by threat intelligence per IDE.TMA.5.7; A.8.16Target6Current6Gap0DET.TH-03Hunt outcomes — confirmed threats, new detection content…A.5.7; A.5.27; A.8.16Target6Current5Gap1RES.GV-01Information Security incident response policyCl. 5.2; A.5.24; A.5.26Target6Current6Gap0RES.GV-02Incident response capabilityCl. 7.1; A.5.24; A.5.26Target6Current6Gap0RES.GV-03Stakeholder engagement frameworkA.5.5; A.5.6; A.5.24; A.6.8Target6Current6Gap0RES.PR-01Incident response plans and playbooksCl. 5.2; A.5.24Target6Current5Gap1RES.PR-02Response tooling — forensic acquisition, investigation…A.5.24; A.5.28Target6Current6Gap0RES.PR-03Personnel competence for response roles is established and…Cl. 7.2; A.5.24; A.6.3Target6Current6Gap0RES.PR-04Exercises — tabletop, technical, full simulation — are…A.5.24; A.8.29Target6Current6Gap0RES.PR-05External relationshipsA.5.5; A.5.6; A.5.24Target7Current7Gap0RES.IR-01Incidents are declaredA.5.25; A.6.8Target6Current6Gap0RES.IR-02Incident leadership and cross-functional coordination are…A.5.24; A.5.26Target6Current6Gap0RES.IR-03Containment actions are executed to limit incident impact…A.5.26; A.5.28Target6Current6Gap0RES.IR-04Eradication actions remove the threat presence and restore…A.5.26; A.5.27Target6Current6Gap0RES.IR-05Recovery coordination with REC ensures restoration of…A.5.26; A.5.29Target6Current6Gap0RES.IR-06Specialty incident classesA.5.24; A.5.26; A.5.27Target7Current6Gap1RES.AN-01Forensic analysis and evidence handling are performed under…A.5.27; A.5.28Target6Current6Gap0RES.AN-02Incident scope, impact, and affected assets are determined…A.5.25; A.5.27Target6Current6Gap0RES.AN-03Root cause is identified and documented for material…Cl. 10.2; A.5.27Target7Current7Gap0RES.AN-04Threat actor attribution is assessed where evidence…A.5.7; A.5.27Target7Current6Gap1RES.IC-01Internal communicationCl. 7.4; A.5.24; A.6.8Target6Current6Gap0RES.IC-02Regulatory notificationsA.5.5; A.5.24; A.6.8Target7Current7Gap0RES.IC-03Customer notification and engagement are conducted where…A.5.24; A.5.26; A.6.8Target6Current6Gap0RES.IC-04Supplier and third-party coordination is conducted where…A.5.6; A.5.22; A.5.24; A.6.8Target6Current6Gap0RES.IC-05Public communicationA.5.24; A.5.26; A.6.8Target6Current6Gap0RES.LL-01Post-incident reviews are conducted for material incidents…Cl. 10.1; Cl. 10.2; A.5.27Target6Current6Gap0RES.LL-02Programme-level effectivenessCl. 9.1; Cl. 9.3; Cl. 10.1; A.5.27Target6Current6Gap0RES.LL-03Improvement actions are tracked to closure and feed…Cl. 10.1; Cl. 10.2; A.5.27Target7Current7Gap0REC.GV-01Recovery policy, procedures, and roles are documented…Cl. 5.2; A.5.29; A.5.30Target6Current6Gap0REC.GV-02Recovery capabilityCl. 7.1; A.5.29; A.5.30Target6Current6Gap0REC.GV-03Stakeholder engagement frameworkA.5.5; A.5.6; A.5.29; A.5.30; A.6.8Target6Current6Gap0REC.RP-01Recovery strategies and plansCl. 5.2; A.5.29; A.5.30Target6Current6Gap0REC.RP-02Recovery tooling and infrastructureA.5.30; A.8.13; A.8.14Target7Current6Gap1REC.RP-03Personnel competence for recovery roles is established and…Cl. 7.2; A.5.29; A.6.3Target6Current6Gap0REC.RP-04Recovery exercisesA.5.29; A.5.30Target7Current6Gap1REC.RP-05External relationshipsA.5.6; A.5.29; A.5.30Target6Current6Gap0REC.RO-01Recovery is initiated under defined criteria with…A.5.29; A.5.30Target6Current6Gap0REC.RO-02Recovery leadership and cross-functional coordination are…A.5.29; A.5.30Target6Current6Gap0REC.RO-03System, data, and service restoration are executed under…A.5.29; A.5.30; A.8.13Target6Current6Gap0REC.RO-04Specialty recovery scenariosA.5.29; A.5.30Target6Current6Gap0REC.RV-01Pre-recovery validationA.5.29; A.5.30; A.8.13Target6Current6Gap0REC.RV-02Post-restoration integrity verificationA.5.29; A.5.30; A.8.16Target6Current6Gap0REC.RV-03Heightened post-recovery monitoring is maintained for a…A.5.29; A.5.30; A.8.16Target6Current5Gap1REC.RC-01Internal communicationCl. 7.4; A.5.29; A.6.8Target6Current6Gap0REC.RC-02Regulatory communications during recoveryA.5.5; A.5.29; A.6.8Target7Current7Gap0REC.RC-03Customer communication and service-restoration updates are…A.5.29; A.6.8Target6Current6Gap0REC.RC-04Supplier and third-party coordination during recovery is…A.5.6; A.5.22; A.5.29; A.6.8Target7Current6Gap1REC.RC-05Public communication and external messaging during recovery…A.5.29; A.6.8Target6Current6Gap0REC.LL-01Post-recovery reviews are conducted for material recoveries…Cl. 10.1; Cl. 10.2; A.5.27Target6Current6Gap0REC.LL-02Programme-level effectivenessCl. 9.1; Cl. 9.3; Cl. 10.1; A.5.27Target6Current6Gap0REC.LL-03Improvement actions are tracked to closure and feed…Cl. 10.1; Cl. 10.2; A.5.27Target7Current7Gap0APS.GV-01AppSec policies are documentedCl. 5.2; A.5.1; A.5.2Target6Current6Gap0APS.GV-02AppSec procedures are documentedCl. 8.1; A.5.37; A.8.32Target6Current5Gap1APS.GV-03Secure Software Development Lifecycle (SDLC) standards are…A.5.37; A.8.25; A.8.27; A.8.28Target6Current6Gap0APS.GV-04AppSec compliance with policiesCl. 9.2; Cl. 10.1; Cl. 10.2; A.5.36Target6Current5Gap1APS.AM-01Applications are inventoried and classifiedA.5.9; A.8.9Target6Current6Gap0APS.AM-02Source code repositories are inventoriedA.5.9; A.5.15; A.8.4Target6Current6Gap0APS.AM-03Secrets are inventoriedA.5.17; A.8.24Target6Current5Gap1APS.AM-04Application data flows and integrations are documentedA.5.9; A.5.14; A.8.16Target6Current6Gap0APS.DS-01Security requirements are defined for applications based on…A.5.8; A.5.31; A.8.25; A.8.27Target6Current5Gap1APS.DS-02Threat modeling is performed iteratively for applications…A.5.7; A.8.25; A.8.27Target7Current7Gap0APS.DS-03Security architecture reviews are performed for new…A.5.8; A.8.25; A.8.27; A.8.29Target6Current6Gap0APS.DS-04Privacy by design and Data Protection Impact Assessments…A.5.34; A.8.25Target6Current5Gap1APS.DS-05Secure design patterns and reusable security components are…A.8.25; A.8.27; A.8.28Target7Current7Gap0APS.SD-01Access control is applied to development assetsA.5.15; A.5.18; A.8.2; A.8.3; A.8.4Target7Current6Gap1APS.SD-02Cryptography is applied to protect data within applications…A.5.17; A.8.24Target6Current5Gap1APS.SD-03Input is validated and exceptions are handled securely…A.8.26; A.8.28Target7Current7Gap0APS.SD-04Security is addressed from the start of development (OWASP…A.5.8; A.8.25Target7Current6Gap1APS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…A.8.9; A.8.25; A.8.27Target7Current7Gap0APS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…A.8.8; A.8.30; A.8.32Target7Current7Gap0APS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…A.5.16; A.5.17; A.8.5Target6Current5Gap1APS.SD-08Browser security features are leveraged (OWASP C8) OWASP…A.8.26; A.8.28Target6Current6Gap0APS.SD-09Security logging and monitoring are implemented (OWASP C9)…A.8.15; A.8.16Target6Current6Gap0APS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…A.8.23; A.8.26; A.8.28Target6Current6Gap0APS.SD-11Secrets are sourced from secure secrets managementA.5.17; A.8.4; A.8.24Target6Current6Gap0APS.SD-12Secure coding standards are documented and appliedA.8.28; A.8.32Target6Current6Gap0APS.SC-01Third-party components and dependencies are inventoried and…A.5.9; A.8.8; A.8.30Target7Current6Gap1APS.SC-02Third-party component selection follows defined security…A.5.19; A.5.20; A.8.30Target6Current5Gap1APS.SC-03Build pipeline and deployment infrastructure integrity and…A.8.4; A.8.9; A.8.25; A.8.32Target7Current5Gap2APS.SC-04Container images and registries are managed for security…A.8.9; A.8.30; A.8.32Target6Current5Gap1APS.VM-01Application code testing is performedA.8.8; A.8.25; A.8.28Target7Current6Gap1APS.VM-02Application runtime testing is performedA.8.8; A.8.29Target6Current5Gap1APS.VM-03Infrastructure-as-Code (IaC) security scanning is performedA.8.9; A.8.25; A.8.32Target6Current5Gap1APS.VM-04Penetration testing is performed for in-scope applicationsA.8.8; A.8.29Target6Current6Gap0APS.VM-05Application vulnerabilities are trackedA.8.8; A.8.32Target6Current6Gap0APS.VM-06Bug bounty or coordinated vulnerability disclosure is…A.5.7; A.8.8Target6Current6Gap0APS.OP-01Application release and deployment processes apply secure…A.5.37; A.8.31; A.8.32Target7Current6Gap1APS.OP-02Runtime application protection is applied where appropriateA.8.21; A.8.23; A.8.26Target6Current6Gap0APS.OP-03AppSec incident response procedures are documented and…A.5.24; A.5.26Target6Current5Gap1APS.OP-04Application BCP / DR procedures are documented and…A.5.29; A.5.30; A.8.14Target6Current6Gap0APS.OP-05Application decommissioning and end-of-life procedures…A.5.11; A.7.14; A.8.10Target7Current7Gap0APS.TA-01AppSec training is provided to developmentA.6.3; A.8.28Target6Current5Gap1APS.TA-02A Security Champion programme is operated to designateA.5.4; A.6.3Target6Current5Gap1AIT.GV-01Third-Party AI policies are documentedCl. 5.2; A.5.1; A.5.2Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documentedCl. 8.1; A.5.37; A.8.32Target6Current6Gap0AIT.GV-03Vendor responsibility frameworkCl. 4.2; A.5.19; A.5.20; A.5.31Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policiesCl. 9.2; Cl. 10.1; Cl. 10.2; A.5.36Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…A.5.19; A.5.21; A.5.23Target6Current6Gap0AIT.VR-02Information security requirements are included in…A.5.20; A.5.21Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…A.5.21; A.5.22Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…A.5.22Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoriedA.5.9Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…A.5.12; A.5.13Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…A.5.9; A.5.15; A.8.16Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…A.5.22Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…A.5.15; A.5.18; A.8.2; A.8.3Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…A.5.15; A.5.18Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularityA.8.15; A.8.16Target7Current5Gap2AIT.AG-04Agentic AI prompt injectionA.8.23; A.8.26Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteriaA.5.19; A.5.20; A.5.21Target7Current5Gap2AIT.AG-06Emergency suspension and revocation capability for…A.5.25; A.5.26; A.8.16Target7Current1Gap6AIT.US-01Approved third-party AI toolsA.5.10; A.5.15Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…A.5.10; A.5.12; A.5.14; A.5.33; A.8.12Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…A.5.10; A.5.27Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…A.5.15; A.5.16; A.5.17; A.8.5Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysedA.8.15; A.8.16Target6Current6Gap0AIT.MO-02Third-party AI provider security postureA.5.22; A.8.15Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…A.5.22; A.5.31Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detectedA.5.7; A.8.15; A.8.16Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…A.5.24; A.5.26Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…A.5.24; A.5.26Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…A.5.22; A.5.24Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…A.5.11; A.5.20; A.8.10Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…A.5.11; A.8.10Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…A.5.27; Cl. 10.1Target6Current5Gap1AII.GV-01AI security policies are documentedCl. 5.2; A.5.1; A.5.2Target6Current6Gap0AII.GV-02AI security procedures are documentedCl. 8.1; A.5.37; A.8.32Target6Current6Gap0AII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…A.5.37; A.8.25; A.8.27; A.8.28Target6Current6Gap0AII.GV-04AI security compliance with policiesCl. 9.2; Cl. 10.1; Cl. 10.2; A.5.36Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classifiedA.5.9Target6Current5Gap1AII.AM-02AI models and model artifacts are inventoriedA.5.9; A.5.15; A.5.18; A.8.4Target6Current6Gap0AII.AM-03Training datasets and AI data assets are inventoriedA.5.9; A.5.12; A.5.13Target6Current5Gap1AII.AM-04System prompts and AI instructions are inventoriedA.5.9; A.5.15; A.8.4Target6Current3Gap3AII.AM-05AI data flows and integrations are documentedA.5.9; A.5.14; A.8.16Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…A.5.8; A.5.31; A.8.25; A.8.27Target7Current6Gap1AII.DS-02AI threat modeling is performed iteratively for AI systems…A.5.7; A.8.25; A.8.27Target6Current6Gap0AII.DS-03Security architecture reviews are performed for new AI…A.5.8; A.8.25; A.8.27; A.8.29Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…A.5.34; A.8.25Target7Current7Gap0AII.DS-05Secure AI design patterns and reusable security components…A.8.25; A.8.27; A.8.28Target6Current6Gap0AII.SD-01Training data security and integrity controls are appliedA.5.12; A.5.13; A.8.4; A.8.24Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…A.5.15; A.5.18; A.8.4; A.8.9; A.8.31; A.8.32Target6Current6Gap0AII.SD-03System prompts and AI instructions are developed and…A.5.10; A.5.12; A.5.15; A.8.4; A.8.26; A.8.28Target6Current6Gap0AII.SD-04Inference input validation and output handling are appliedA.5.10; A.8.26; A.8.28Target6Current6Gap0AII.SD-05Model artifact integrity and safe loading controls are…A.8.4; A.8.24; A.8.30; A.8.32Target7Current7Gap0AII.SD-06ML pipeline security controls are appliedA.8.4; A.8.9; A.8.25; A.8.31; A.8.32Target6Current6Gap0AII.SD-07Adversarial robustness defences are implemented where…A.5.7; A.8.25; A.8.28Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managedA.5.17; A.8.4; A.8.24Target6Current6Gap0AII.SD-09Secure AI coding standards and code review are appliedA.8.28; A.8.32Target6Current5Gap1AII.SC-01AI components, models, and dependencies are inventoried and…A.5.9; A.8.8; A.8.30Target7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…A.5.19; A.5.20; A.5.21; A.8.30Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…A.5.9; A.5.19; A.5.20; A.5.31Target6Current5Gap1AII.SC-04AI build pipeline and ML infrastructure integrity are…A.8.4; A.8.9; A.8.25; A.8.31; A.8.32Target6Current6Gap0AII.VM-01AI code and component testing is performedA.8.8; A.8.25; A.8.28; A.8.29Target6Current6Gap0AII.VM-02AI runtime testing is performedA.8.8; A.8.29Target7Current7Gap0AII.VM-03AI red teaming is performed for in-scope AI systemsA.8.8; A.8.29Target6Current6Gap0AII.VM-04AI vulnerabilities are trackedA.8.8; A.8.32Target6Current5Gap1AII.VM-05AI bug bounty or coordinated vulnerability disclosure is…A.5.7; A.8.8Target6Current6Gap0AII.VM-06A versioned security evaluation suite gates promotion of AI…A.8.29; A.8.31; A.8.32Target7Current2Gap5AII.OP-01AI release and deployment processes apply secure release…A.5.37; A.8.31; A.8.32Target6Current6Gap0AII.OP-02Runtime AI protection is appliedA.8.21; A.8.23; A.8.26Target6Current6Gap0AII.OP-03AI systems are monitoredA.8.15; A.8.16Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…A.5.24; A.5.26Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintainedA.5.29; A.5.30; A.8.13; A.8.14Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…A.5.11; A.7.14; A.8.10Target6Current5Gap1AII.OP-07AI-generated content transparency and provenance…A.5.34; A.8.10Target6Current1Gap5AII.AG-01Agent authorisation scope is documented and enforcedA.5.15; A.5.18; A.8.2; A.8.3Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…A.5.15; A.5.18Target6Current5Gap1AII.AG-03Agent activity is logged at action granularityA.8.15; A.8.16Target7Current7Gap0AII.AG-04Agent defences against prompt injectionA.8.23; A.8.26Target6Current5Gap1AII.AG-05Agent frameworks, orchestration, and MCP implementations…A.5.9; A.8.4; A.8.25; A.8.28Target7Current7Gap0AII.AG-06Emergency suspension and revocation capability for in-house…A.5.25; A.5.26; A.8.16Target7Current1Gap6AII.TA-01AI security training is provided to AI developmentA.6.3; A.8.28Target6Current6Gap0AII.TA-02An AI Security Champion programme is operated to designateA.5.4; A.6.3Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…A.5.10; A.5.15Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…A.5.10; A.5.12; A.5.14; A.5.33; A.8.12Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…A.5.10; A.5.27Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…A.5.15; A.5.16; A.5.17; A.5.18; A.8.5Target6Current5Gap1

ISO 42001 89

ISO/IEC 42001:2023 - AI Management System (AIMS) certification standard.

Mapped Controls
89
Avg Current
5.45
Avg Target
6.25
Avg Gap
0.80
Controls Below Target
40
GOV.RM-01Information security risk management methodology and…Cl. 6.1; A.5.2Target6Current6Gap0GOV.RM-02Information security risk appetite and risk tolerance are…Cl. 6.1; A.9.4Target6Current6Gap0GOV.RR-08A cross-functional AI governance forum is established with…Cl. 5.3; A.3.2Target6Current2Gap4GOV.OV-01Information security key performance and key risk…Cl. 9.1; A.9.3Target6Current6Gap0DET.GV-03Detection coverage is mapped against MITRE ATT&CK…A.8.4Target6Current6Gap0AIT.GV-01Third-Party AI policies are documentedA.2.2; A.2.3; A.2.4; A.10.2Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documentedA.2.2; A.6.1Target6Current6Gap0AIT.GV-03Vendor responsibility frameworkA.5.2; A.5.4; A.5.5; A.10.2; A.10.3Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policiesA.2.4; A.6.2.6Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…A.5.2; A.10.2; A.10.3Target6Current6Gap0AIT.VR-02Information security requirements are included in…A.10.3Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…A.10.3; A.10.4Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…A.10.3; A.6.2.6Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoriedA.4.2; A.10.2Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…A.5.2; A.5.3; A.6.2.2Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…A.4.2; A.9.2Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…A.10.3; A.6.2.6Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…A.6.2.5; A.9.2; A.9.3Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…A.6.2.6; A.9.2; A.9.3Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularityA.6.2.8; A.8.4Target7Current5Gap2AIT.AG-04Agentic AI prompt injectionA.6.2.5; A.6.2.6Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteriaA.5.4; A.10.2; A.10.3Target7Current5Gap2AIT.AG-06Emergency suspension and revocation capability for…A.6.2.6; A.8.4Target7Current1Gap6AIT.US-01Approved third-party AI toolsA.9.2; A.9.4Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…A.7.3; A.7.4; A.9.2Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…A.6.2.6; A.8.2; A.9.2Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…A.9.2Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysedA.6.2.6; A.6.2.8Target6Current6Gap0AIT.MO-02Third-party AI provider security postureA.10.3; A.6.2.6Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…A.10.3Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detectedA.6.2.6; A.6.2.8Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…A.8.4; A.6.2.6Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…A.8.4; A.10.3Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…A.8.4; A.10.3Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…A.6.2.6; A.10.3Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…A.6.2.6; A.7.6Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…A.6.2.6; A.10.3Target6Current5Gap1AII.GV-01AI security policies are documentedA.2.2; A.2.3; A.2.4; A.3.2Target6Current6Gap0AII.GV-02AI security procedures are documentedA.2.2; A.6.1Target6Current6Gap0AII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…A.6.1; A.6.2.1; A.6.2.2; A.6.2.3Target6Current6Gap0AII.GV-04AI security compliance with policiesA.2.4; A.5.2; A.6.2.6Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classifiedA.4.2; A.4.5; A.6.2.2Target6Current5Gap1AII.AM-02AI models and model artifacts are inventoriedA.4.4; A.6.2.7; A.7.5Target6Current6Gap0AII.AM-03Training datasets and AI data assets are inventoriedA.7.2; A.7.3; A.7.4; A.7.5; A.7.6Target6Current5Gap1AII.AM-04System prompts and AI instructions are inventoriedA.6.2.3; A.6.2.7Target6Current3Gap3AII.AM-05AI data flows and integrations are documentedA.6.2.6; A.7.5; A.8.4Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…A.5.2; A.6.2.1; A.6.2.2Target7Current6Gap1AII.DS-02AI threat modeling is performed iteratively for AI systems…A.5.2; A.6.2.2Target6Current6Gap0AII.DS-03Security architecture reviews are performed for new AI…A.6.2.2; A.6.2.3Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…A.5.2; A.5.3; A.5.4; A.5.5Target7Current7Gap0AII.DS-05Secure AI design patterns and reusable security components…A.6.2.3; A.6.2.7Target6Current6Gap0AII.SD-01Training data security and integrity controls are appliedA.7.2; A.7.3; A.7.4; A.7.5Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…A.6.2.3; A.6.2.4; A.6.2.7; A.7.6Target6Current6Gap0AII.SD-03System prompts and AI instructions are developed and…A.6.2.3; A.6.2.7Target6Current6Gap0AII.SD-04Inference input validation and output handling are appliedA.6.2.5; A.6.2.6; A.8.2Target6Current6Gap0AII.SD-05Model artifact integrity and safe loading controls are…A.6.2.7; A.7.5Target7Current7Gap0AII.SD-06ML pipeline security controls are appliedA.6.2.3; A.6.2.4Target6Current6Gap0AII.SD-07Adversarial robustness defences are implemented where…A.6.2.3; A.6.2.4Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managedA.4.4Target6Current6Gap0AII.SD-09Secure AI coding standards and code review are appliedA.6.2.3; A.6.2.4Target6Current5Gap1AII.SC-01AI components, models, and dependencies are inventoried and…A.4.2; A.4.5; A.7.5; A.10.3Target7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…A.5.4; A.10.2; A.10.3; A.10.4Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…A.7.2; A.7.3; A.7.5; A.10.3Target6Current5Gap1AII.SC-04AI build pipeline and ML infrastructure integrity are…A.4.4; A.4.5; A.6.2.3; A.6.2.4Target6Current6Gap0AII.VM-01AI code and component testing is performedA.6.2.4Target6Current6Gap0AII.VM-02AI runtime testing is performedA.6.2.4Target7Current7Gap0AII.VM-03AI red teaming is performed for in-scope AI systemsA.6.2.4Target6Current6Gap0AII.VM-04AI vulnerabilities are trackedA.6.2.6Target6Current5Gap1AII.VM-05AI bug bounty or coordinated vulnerability disclosure is…A.8.3; A.8.4Target6Current6Gap0AII.VM-06A versioned security evaluation suite gates promotion of AI…A.6.2.4; A.6.2.5; A.8.4Target7Current2Gap5AII.OP-01AI release and deployment processes apply secure release…A.6.2.5; A.6.2.6Target6Current6Gap0AII.OP-02Runtime AI protection is appliedA.6.2.5; A.6.2.6Target6Current6Gap0AII.OP-03AI systems are monitoredA.6.2.6; A.6.2.8Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…A.6.2.6; A.8.4Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintainedA.6.2.6; A.7.6Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…A.6.2.6; A.7.6Target6Current5Gap1AII.OP-07AI-generated content transparency and provenance…A.8.2; A.8.5Target6Current1Gap5AII.AG-01Agent authorisation scope is documented and enforcedA.6.2.5; A.9.2; A.9.3Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…A.6.2.6; A.9.2; A.9.3Target6Current5Gap1AII.AG-03Agent activity is logged at action granularityA.6.2.8; A.8.4Target7Current7Gap0AII.AG-04Agent defences against prompt injectionA.6.2.5; A.6.2.6Target6Current5Gap1AII.AG-05Agent frameworks, orchestration, and MCP implementations…A.6.2.3; A.6.2.7Target7Current7Gap0AII.AG-06Emergency suspension and revocation capability for in-house…A.6.2.6; A.8.4Target7Current1Gap6AII.TA-01AI security training is provided to AI developmentA.3.2; A.4.6Target6Current6Gap0AII.TA-02An AI Security Champion programme is operated to designateA.3.2; A.4.6Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…A.9.2; A.9.4Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…A.7.3; A.7.4; A.9.2Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…A.6.2.6; A.8.2; A.9.2Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…A.9.2Target6Current5Gap1

EU AI Act 90

EU Artificial Intelligence Act - risk-based regulation for AI systems placed on the EU market.

Mapped Controls
90
Avg Current
5.44
Avg Target
6.24
Avg Gap
0.80
Controls Below Target
41
GOV.LE-01A legal, statutory, regulatory, and contractual…Ch. V (GPAI, applicability-assessed)Target6Current6Gap0GOV.RM-01Information security risk management methodology and…Art. 9Target6Current6Gap0GOV.RM-02Information security risk appetite and risk tolerance are…Art. 9; Art. 14Target6Current6Gap0GOV.RR-08A cross-functional AI governance forum is established with…Art. 4; Art. 17; Art. 26Target6Current2Gap4GOV.OV-01Information security key performance and key risk…Art. 14; Art. 26Target6Current6Gap0PRO.TA-02General information security training is provided to all…Art. 4 (AI literacy)Target6Current5Gap1AIT.GV-01Third-Party AI policies are documentedArt. 5; Art. 26Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documentedArt. 26Target6Current6Gap0AIT.GV-03Vendor responsibility frameworkArt. 5; Art. 26; Art. 27 (FRIA)Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policiesArt. 5 (Prohibited practices); Art. 26 (Obligations of deployers); Art. 27 (FRIA); Art. 72Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…Art. 5; Art. 26; Art. 27Target6Current6Gap0AIT.VR-02Information security requirements are included in…Art. 25; Art. 26Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…Art. 25Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…Art. 26; Art. 72Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoriedArt. 26Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…Art. 5; Art. 6; Art. 26; Art. 50Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…Art. 5; Art. 26Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…Art. 26; Art. 50Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…Art. 14; Art. 26Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 14; Art. 22; Art. 26Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularityArt. 12; Art. 26Target7Current5Gap2AIT.AG-04Agentic AI prompt injectionArt. 15; Art. 26Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteriaArt. 26; Art. 27Target7Current5Gap2AIT.AG-06Emergency suspension and revocation capability for…Art. 14(4); Art. 26Target7Current1Gap6AIT.US-01Approved third-party AI toolsArt. 5; Art. 26Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…Art. 26Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…Art. 14; Art. 26; Art. 50Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…Art. 26Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysedArt. 12; Art. 26; Art. 72Target6Current6Gap0AIT.MO-02Third-party AI provider security postureArt. 26; Art. 72Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…Art. 26Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detectedArt. 26; Art. 72Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…Art. 26; Art. 73Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…Art. 26; Art. 73Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…Art. 26; Art. 73Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…Art. 26Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…Art. 26Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…Art. 26Target6Current5Gap1AII.GV-01AI security policies are documentedArt. 5; Art. 9; Art. 16Target6Current6Gap0AII.GV-02AI security procedures are documentedArt. 9; Art. 16Target6Current6Gap0AII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…Art. 9; Art. 15; Art. 17Target6Current6Gap0AII.GV-04AI security compliance with policiesArt. 5; Art. 9; Art. 11; Art. 15; Art. 17; Art. 72Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classifiedArt. 6; Art. 11; Art. 26Target6Current5Gap1AII.AM-02AI models and model artifacts are inventoriedArt. 11; Art. 12; Annex IVTarget6Current6Gap0AII.AM-03Training datasets and AI data assets are inventoriedArt. 10; Art. 11Target6Current5Gap1AII.AM-04System prompts and AI instructions are inventoriedArt. 13; Art. 15Target6Current3Gap3AII.AM-05AI data flows and integrations are documentedArt. 11; Art. 12Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…Art. 9; Art. 15; Art. 27Target7Current6Gap1AII.DS-02AI threat modeling is performed iteratively for AI systems…Art. 9Target6Current6Gap0AII.DS-03Security architecture reviews are performed for new AI…Art. 9; Art. 15Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…Art. 26; Art. 27Target7Current7Gap0AII.DS-05Secure AI design patterns and reusable security components…Art. 9; Art. 15Target6Current6Gap0AII.SD-01Training data security and integrity controls are appliedArt. 10; Art. 15Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…Art. 11; Art. 12; Art. 15Target6Current6Gap0AII.SD-03System prompts and AI instructions are developed and…Art. 13; Art. 15Target6Current6Gap0AII.SD-04Inference input validation and output handling are appliedArt. 13; Art. 14; Art. 15; Art. 50Target6Current6Gap0AII.SD-05Model artifact integrity and safe loading controls are…Art. 15Target7Current7Gap0AII.SD-06ML pipeline security controls are appliedArt. 15; Art. 17Target6Current6Gap0AII.SD-07Adversarial robustness defences are implemented where…Art. 9; Art. 15Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managedArt. 15Target6Current6Gap0AII.SD-09Secure AI coding standards and code review are appliedArt. 15; Art. 17Target6Current5Gap1AII.SC-01AI components, models, and dependencies are inventoried and…Art. 11; Art. 25; Annex IVTarget7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…Art. 25; Art. 53; Art. 55Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…Art. 10; Art. 53(1)(c)Target6Current5Gap1AII.SC-04AI build pipeline and ML infrastructure integrity are…Art. 15; Art. 17Target6Current6Gap0AII.VM-01AI code and component testing is performedArt. 15Target6Current6Gap0AII.VM-02AI runtime testing is performedArt. 9; Art. 15Target7Current7Gap0AII.VM-03AI red teaming is performed for in-scope AI systemsArt. 9; Art. 15; Art. 55(1)(d)Target6Current6Gap0AII.VM-04AI vulnerabilities are trackedArt. 15; Art. 72Target6Current5Gap1AII.VM-05AI bug bounty or coordinated vulnerability disclosure is…Art. 73Target6Current6Gap0AII.VM-06A versioned security evaluation suite gates promotion of AI…Art. 9; Art. 15; Art. 17; Art. 72Target7Current2Gap5AII.OP-01AI release and deployment processes apply secure release…Art. 16; Art. 17; Art. 26; Art. 43Target6Current6Gap0AII.OP-02Runtime AI protection is appliedArt. 14; Art. 15; Art. 26Target6Current6Gap0AII.OP-03AI systems are monitoredArt. 12; Art. 15; Art. 26; Art. 72Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…Art. 26; Art. 73Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintainedArt. 15Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…Art. 16; Art. 17; Art. 26Target6Current5Gap1AII.OP-07AI-generated content transparency and provenance…Art. 50; Recital 133Target6Current1Gap5AII.AG-01Agent authorisation scope is documented and enforcedArt. 14; Art. 26Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 14; Art. 22; Art. 26Target6Current5Gap1AII.AG-03Agent activity is logged at action granularityArt. 12; Art. 26Target7Current7Gap0AII.AG-04Agent defences against prompt injectionArt. 15; Art. 26Target6Current5Gap1AII.AG-05Agent frameworks, orchestration, and MCP implementations…Art. 15Target7Current7Gap0AII.AG-06Emergency suspension and revocation capability for in-house…Art. 14(4); Art. 15Target7Current1Gap6AII.TA-01AI security training is provided to AI developmentArt. 4; Art. 26Target6Current6Gap0AII.TA-02An AI Security Champion programme is operated to designateArt. 4; Art. 26Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…Art. 5; Art. 26Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…Art. 26Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…Art. 14; Art. 26; Art. 50Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…Art. 26Target6Current5Gap1

EU GDPR 162

EU General Data Protection Regulation - personal data protection law.

Mapped Controls
162
Avg Current
5.77
Avg Target
6.22
Avg Gap
0.44
Controls Below Target
57
GOV.OC-02Internal and external issues relevant to information…Art. 24Target6Current6Gap0GOV.OC-03Interested partiesArt. 13; Art. 14; Art. 28Target6Current6Gap0GOV.OC-04Critical dependencies and mission-critical capabilities are…Art. 32(1)(b)Target6Current6Gap0GOV.LE-01A legal, statutory, regulatory, and contractual…Art. 5; Art. 24; Art. 37 (DPO)Target6Current6Gap0GOV.LE-02Regulatory engagementArt. 33; Art. 34; Art. 36Target6Current6Gap0GOV.LE-04Records and information lifecycle obligationsArt. 5(1)(e); Art. 17; Art. 30Target6Current6Gap0GOV.RM-01Information security risk management methodology and…Art. 32Target6Current6Gap0GOV.RM-03Information security risks are identifiedArt. 24; Art. 32; Art. 35Target6Current6Gap0GOV.RM-04Risk treatment optionsArt. 24; Art. 32Target6Current6Gap0GOV.RR-02Information security roles and responsibilities for Company…Art. 32(4)Target6Current6Gap0GOV.RR-04Personnel screening commensurate with role sensitivity is…Art. 6; Art. 9; Art. 10Target6Current6Gap0GOV.RR-05Confidentiality and non-disclosure obligations are…Art. 28; Art. 32(4)Target6Current6Gap0GOV.RR-08A cross-functional AI governance forum is established with…Art. 24; Art. 37–39Target6Current2Gap4GOV.PO-01Information security policy architectureArt. 24(2)Target6Current6Gap0GOV.RE-01Information security resourcing requirementsArt. 32; Art. 38Target6Current6Gap0GOV.OV-01Information security key performance and key risk…Art. 32Target6Current6Gap0GOV.OV-02ISMS performance is evaluated against defined objectivesArt. 32(1)(d)Target6Current6Gap0GOV.OV-05Continual improvement of the ISMS is governed through…Art. 32(1)(d)Target7Current6Gap1GOV.AC-02Independent reviews of information security are conducted…Art. 32(1)(d); Art. 39(1)(b)Target6Current5Gap1GOV.AC-03External audits and certification assessmentsArt. 39(1)(b); Art. 58Target6Current6Gap0IDE.DI-01Data inventory and records of processing policyArt. 5; Art. 24; Art. 30Target6Current6Gap0IDE.DI-02Data assets are inventoried by categoryArt. 5; Art. 24; Art. 30Target6Current6Gap0IDE.DI-03Personal data and special-category data are identifiedArt. 6; Art. 8; Art. 9; Art. 10Target6Current5Gap1IDE.DI-04Records of processing activitiesArt. 28; Art. 30; Art. 37; Art. 39Target6Current6Gap0IDE.DI-05Data flows across the asset estateArt. 28; Art. 30; Art. 44; Art. 45; Art. 46; Art. 47; Art. 49Target6Current5Gap1IDE.DI-06Data discovery activities are performed to detect…Art. 5; Art. 32Target6Current5Gap1IDE.BI-02Critical business functions and the assetsArt. 32(1)(b)Target6Current6Gap0IDE.BI-04Business impact tolerancesArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0IDE.RA-01The information security risk assessment programmeArt. 32(1)Target6Current6Gap0IDE.RA-03Information security risks are analysed for likelihood and…Art. 32(1); Art. 32(2)Target7Current7Gap0IDE.RA-04Project-level, change-level, and onboarding-level risk…Art. 35; Art. 36Target6Current5Gap1IDE.SC-01Supply chain risk management policyArt. 28Target6Current6Gap0IDE.SC-03Pre-engagement supplier due diligenceArt. 28(1)Target6Current6Gap0IDE.SC-04Supplier contracts and onboarding establish information…Art. 28(3); Art. 28(4); Art. 32Target7Current7Gap0IDE.SC-05Supplier security posture is monitored throughout the…Art. 28(3)(h)Target7Current7Gap0IDE.SC-06Supplier termination and offboarding are governed by…Art. 28(3)(g)Target6Current5Gap1PRO.AA-01Identity and access management policyArt. 32(4)Target6Current6Gap0PRO.AA-03Authentication mechanisms are commensurate with sensitivityArt. 32(1)(b)Target6Current6Gap0PRO.AA-04Access is granted on the principles of least privilege and…Art. 5(1)(f); Art. 32(4)Target6Current5Gap1PRO.AA-05Privileged access is governed under additional safeguardsArt. 32(4)Target6Current5Gap1PRO.AA-06Federated identityArt. 28; Art. 32(4)Target7Current7Gap0PRO.AA-07Authentication credentialsArt. 32(1)(b)Target7Current6Gap1PRO.DS-01Data security policyArt. 5; Art. 25; Art. 32Target6Current6Gap0PRO.DS-02Data handling requirements per classificationArt. 5(1)(f); Art. 32Target6Current5Gap1PRO.DS-03Data at rest is protected through encryption proportionate…Art. 32(1)(a)Target6Current6Gap0PRO.DS-04Data in transit is protected through encryption…Art. 32(1)(a)Target6Current6Gap0PRO.DS-05Data leakage prevention is applied across endpointsArt. 5(1)(f); Art. 32Target6Current6Gap0PRO.DS-06Data masking, pseudonymisation, and tokenisation are…Art. 4(5); Art. 25; Art. 32(1)(a)Target6Current6Gap0PRO.DS-07Data retention, archival, and lawful disposal are governed…Art. 5(1)(e); Art. 17; Art. 30Target7Current7Gap0PRO.DS-08Data backup is performedArt. 32(1)(b); Art. 32(1)(c)Target6Current5Gap1PRO.CR-01Cryptography policyArt. 32(1)(a)Target6Current6Gap0PRO.CR-02Cryptographic algorithmsArt. 32(1)(a)Target6Current6Gap0PRO.CR-03Key management — generation, storage, distribution…Art. 32(1)(a)Target6Current6Gap0PRO.CR-05Cryptographic agility and post-quantum readiness are…Art. 32(1)(a); Art. 32(2)Target6Current6Gap0PRO.EM-03Email protocol-level safeguardsArt. 32(1)(a)Target6Current6Gap0PRO.EP-04Endpoint encryption is applied to in-scope devices…Art. 32(1)(a)Target7Current7Gap0PRO.IR-08Resilience mechanismsArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0PRO.VM-02Vulnerability discoveryArt. 32(1)(d)Target6Current6Gap0PRO.VM-04Vulnerabilities are remediated through patchingArt. 32(1)(d)Target6Current5Gap1PRO.TA-02General information security training is provided to all…Art. 32(4); Art. 39(1)(b)Target6Current5Gap1PRO.TA-03Role-specific information security training is provided to…Art. 39(1)(b)Target6Current5Gap1DET.GV-04Detection effectivenessArt. 32(1)(d)Target6Current6Gap0DET.LM-04Log integrity is protectedArt. 5(2); Art. 32(1)(b)Target6Current6Gap0DET.LM-05Sensitive data accessArt. 32(1)(b); Art. 32(4)Target7Current6Gap1DET.CM-04Data, application, and messaging monitoring captures DLP…Art. 32(1)(b); Art. 32(1)(d)Target7Current7Gap0DET.CM-06Insider threat and user behaviour analytics monitor for…Art. 5(1)(c); Art. 32(1)(b); Art. 88Target6Current6Gap0DET.DE-04Detection content effectivenessArt. 32(1)(d)Target7Current7Gap0DET.EA-03Investigation procedures define evidence handlingArt. 32(1)(b); Art. 88Target6Current6Gap0DET.EA-04Confirmed incidents are escalated to incident response per…Art. 33; Art. 34Target7Current7Gap0RES.GV-03Stakeholder engagement frameworkArt. 33; Art. 34Target6Current6Gap0RES.PR-04Exercises — tabletop, technical, full simulation — are…Art. 32(1)(d)Target6Current6Gap0RES.IR-01Incidents are declaredArt. 33; Art. 34Target6Current6Gap0RES.IR-06Specialty incident classesArt. 33; Art. 34Target7Current6Gap1RES.AN-01Forensic analysis and evidence handling are performed under…Art. 33(3)Target6Current6Gap0RES.AN-02Incident scope, impact, and affected assets are determined…Art. 33(3)Target6Current6Gap0RES.IC-02Regulatory notificationsArt. 33; Art. 34; Art. 36Target7Current7Gap0RES.IC-03Customer notification and engagement are conducted where…Art. 34Target6Current6Gap0RES.LL-02Programme-level effectivenessArt. 32(1)(d)Target6Current6Gap0RES.LL-03Improvement actions are tracked to closure and feed…Art. 32(1)(d)Target7Current7Gap0REC.GV-03Stakeholder engagement frameworkArt. 33; Art. 34Target6Current6Gap0REC.RP-01Recovery strategies and plansArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0REC.RP-02Recovery tooling and infrastructureArt. 32(1)(b); Art. 32(1)(c)Target7Current6Gap1REC.RP-04Recovery exercisesArt. 32(1)(d)Target7Current6Gap1REC.RO-01Recovery is initiated under defined criteria with…Art. 32(1)(c)Target6Current6Gap0REC.RO-03System, data, and service restoration are executed under…Art. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0REC.RO-04Specialty recovery scenariosArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0REC.RV-01Pre-recovery validationArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0REC.RV-02Post-restoration integrity verificationArt. 32(1)(b); Art. 32(1)(c)Target6Current6Gap0REC.RC-02Regulatory communications during recoveryArt. 33; Art. 33(4); Art. 34Target7Current7Gap0REC.RC-03Customer communication and service-restoration updates are…Art. 34Target6Current6Gap0REC.LL-02Programme-level effectivenessArt. 32(1)(d)Target6Current6Gap0REC.LL-03Improvement actions are tracked to closure and feed…Art. 32(1)(d)Target7Current7Gap0APS.GV-01AppSec policies are documentedArt. 24(2); Art. 25Target6Current6Gap0APS.GV-02AppSec procedures are documentedArt. 32(1)Target6Current5Gap1APS.GV-04AppSec compliance with policiesArt. 24(2)Target6Current5Gap1APS.AM-04Application data flows and integrations are documentedArt. 30; Art. 44-50 (cross-border transfers)Target6Current6Gap0APS.DS-01Security requirements are defined for applications based on…Art. 24; Art. 25; Art. 32Target6Current5Gap1APS.DS-04Privacy by design and Data Protection Impact Assessments…Art. 25; Art. 35; Art. 36Target6Current5Gap1APS.SD-02Cryptography is applied to protect data within applications…Art. 32(1)(a)Target6Current5Gap1APS.SD-09Security logging and monitoring are implemented (OWASP C9)…Art. 32(1)(d); Art. 33 (log evidence for breach notification)Target6Current6Gap0APS.OP-03AppSec incident response procedures are documented and…Art. 33; Art. 34Target6Current5Gap1APS.OP-05Application decommissioning and end-of-life procedures…Art. 5(1)(e); Art. 17Target7Current7Gap0AIT.GV-01Third-Party AI policies are documentedArt. 24; Art. 25Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documentedArt. 32(1)Target6Current6Gap0AIT.GV-03Vendor responsibility frameworkArt. 24; Art. 28Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policiesArt. 24(2); Art. 35 (DPIA where personal data processed)Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…Art. 28Target6Current6Gap0AIT.VR-02Information security requirements are included in…Art. 28Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…Art. 28(2); Art. 28(4)Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…Art. 28Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoriedArt. 30Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…Art. 35Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…Art. 24; Art. 32Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…Art. 28; Art. 32Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…Art. 22; Art. 25Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 22Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularityArt. 30; Art. 32Target7Current5Gap2AIT.AG-04Agentic AI prompt injectionArt. 32Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteriaArt. 28Target7Current5Gap2AIT.US-01Approved third-party AI toolsArt. 24Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…Art. 5; Art. 6; Art. 28; Art. 32Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…Art. 22Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…Art. 32Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysedArt. 32Target6Current6Gap0AIT.MO-02Third-party AI provider security postureArt. 28Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…Art. 28Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detectedArt. 32Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…Art. 33; Art. 34Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…Art. 33; Art. 34Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…Art. 28; Art. 33Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…Art. 28(3)(g)Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…Art. 17; Art. 28(3)(g)Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…Art. 24(2)Target6Current5Gap1AII.GV-01AI security policies are documentedArt. 24; Art. 25Target6Current6Gap0AII.GV-02AI security procedures are documentedArt. 32(1)Target6Current6Gap0AII.GV-04AI security compliance with policiesArt. 24(2); Art. 35Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classifiedArt. 30Target6Current5Gap1AII.AM-03Training datasets and AI data assets are inventoriedArt. 5; Art. 6; Art. 30; Art. 32Target6Current5Gap1AII.AM-05AI data flows and integrations are documentedArt. 30; Art. 44-50Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…Art. 24; Art. 25; Art. 32Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…Art. 25; Art. 35; Art. 36Target7Current7Gap0AII.SD-01Training data security and integrity controls are appliedArt. 5; Art. 6; Art. 32Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…Art. 32Target6Current6Gap0AII.SD-04Inference input validation and output handling are appliedArt. 22Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managedArt. 32Target6Current6Gap0AII.SC-01AI components, models, and dependencies are inventoried and…Art. 30Target7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…Art. 28Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…Art. 5; Art. 6; Art. 28Target6Current5Gap1AII.OP-02Runtime AI protection is appliedArt. 32Target6Current6Gap0AII.OP-03AI systems are monitoredArt. 32Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…Art. 33; Art. 34Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintainedArt. 32Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…Art. 5(1)(e); Art. 17Target6Current5Gap1AII.OP-07AI-generated content transparency and provenance…Art. 5(1)(a); Art. 13; Art. 14Target6Current1Gap5AII.AG-01Agent authorisation scope is documented and enforcedArt. 22; Art. 25Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 22Target6Current5Gap1AII.AG-03Agent activity is logged at action granularityArt. 30; Art. 32Target7Current7Gap0AII.AG-04Agent defences against prompt injectionArt. 32Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…Art. 24Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…Art. 5; Art. 6; Art. 28; Art. 32Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…Art. 22Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…Art. 32Target6Current5Gap1

NIS 2 341

NIS 2 Directive (EU 2022/2555) - cybersecurity baseline for essential and important entities.

Mapped Controls
341
Avg Current
5.76
Avg Target
6.22
Avg Gap
0.46
Controls Below Target
115
GOV.OC-01ISMS scope is definedArt. 21(1)Target6Current6Gap0GOV.OC-02Internal and external issues relevant to information…Art. 21(1)Target6Current6Gap0GOV.OC-03Interested partiesArt. 21(1); Art. 23Target6Current6Gap0GOV.OC-04Critical dependencies and mission-critical capabilities are…Art. 21(1); Art. 21(2)(c)Target6Current6Gap0GOV.LE-01A legal, statutory, regulatory, and contractual…Art. 21(1)Target6Current6Gap0GOV.LE-02Regulatory engagementArt. 23Target6Current6Gap0GOV.LE-03Intellectual property rightsArt. 21(1)Target6Current5Gap1GOV.LE-04Records and information lifecycle obligationsArt. 21(1)Target6Current6Gap0GOV.RM-01Information security risk management methodology and…Art. 21(2)(a)Target6Current6Gap0GOV.RM-02Information security risk appetite and risk tolerance are…Art. 20; Art. 21(2)(a)Target6Current6Gap0GOV.RM-03Information security risks are identifiedArt. 21(2)(a)Target6Current6Gap0GOV.RM-04Risk treatment optionsArt. 21(2)(a)Target6Current6Gap0GOV.RM-05Information security risk management is integrated with…Art. 20; Art. 21(1)Target6Current6Gap0GOV.RR-01Information security leadershipArt. 20Target6Current6Gap0GOV.RR-02Information security roles and responsibilities for Company…Art. 21(2)(g)Target6Current6Gap0GOV.RR-03Segregation of duties for security-sensitive activities is…Art. 21(2)(i)Target6Current5Gap1GOV.RR-04Personnel screening commensurate with role sensitivity is…Art. 21(2)(i)Target6Current6Gap0GOV.RR-05Confidentiality and non-disclosure obligations are…Art. 21(2)(i)Target6Current6Gap0GOV.RR-06Workforce conduct expectations and the disciplinary process…Art. 21(2)(i)Target6Current6Gap0GOV.RR-07Personnel onboardingArt. 21(2)(i)Target6Current5Gap1GOV.RR-08A cross-functional AI governance forum is established with…Art. 20; Art. 21(2)(i)Target6Current2Gap4GOV.PO-01Information security policy architectureArt. 21(2)(a)Target6Current6Gap0GOV.PO-02Information security policies and supporting documents are…Art. 21(2)(a)Target6Current6Gap0GOV.PO-03Information security policies are communicated to personnel…Art. 21(2)(a); Art. 21(2)(g)Target6Current6Gap0GOV.PO-04Exceptions to information security policies are formally…Art. 21(2)(a)Target6Current6Gap0GOV.RE-01Information security resourcing requirementsArt. 20; Art. 21(1)Target6Current6Gap0GOV.RE-02Competence requirements for information security personnel…Art. 20; Art. 21(2)(g)Target6Current6Gap0GOV.RE-03External expertiseArt. 21(2)(d)Target6Current6Gap0GOV.OV-01Information security key performance and key risk…Art. 21(1)Target6Current6Gap0GOV.OV-02ISMS performance is evaluated against defined objectivesArt. 20; Art. 21(1)Target6Current6Gap0GOV.OV-03Board of Directors and Executive Team are updated on…Art. 20Target6Current5Gap1GOV.OV-04Management review of the ISMS is conducted at defined…Art. 20; Art. 21(1)Target6Current6Gap0GOV.OV-05Continual improvement of the ISMS is governed through…Art. 21(1)Target7Current6Gap1GOV.OV-06Per-Control maturity is scored against the Company's…Art. 21(1)Target7Current7Gap0GOV.AC-01Internal audit programme for the ISMS is established with…Art. 21(1)Target6Current6Gap0GOV.AC-02Independent reviews of information security are conducted…Art. 21(1)Target6Current5Gap1GOV.AC-03External audits and certification assessmentsArt. 21(1); Art. 24Target6Current6Gap0GOV.AC-04Audit findings, observations, and recommendations are…Art. 21(1)Target6Current6Gap0IDE.AM-01Asset management policyArt. 21(2)(i)Target6Current6Gap0IDE.AM-02Assets are classified using the Company's classification…Art. 21(2)(i)Target6Current6Gap0IDE.AM-03Service assets — including domain management, cloud…Art. 21(2)(i)Target6Current5Gap1IDE.AM-04Application assetsArt. 21(2)(i)Target6Current5Gap1IDE.AM-05Network assets — including network components, segments…Art. 21(2)(i)Target6Current6Gap0IDE.AM-06Endpoint assets — including company-managed devices — are…Art. 21(2)(i)Target6Current6Gap0IDE.AM-07Asset integrationsArt. 21(2)(i)Target6Current4Gap2IDE.AM-08Assets are managed throughout their lifecycleArt. 21(2)(i)Target6Current6Gap0IDE.DI-01Data inventory and records of processing policyArt. 21(2)(i)Target6Current6Gap0IDE.DI-02Data assets are inventoried by categoryArt. 21(2)(i)Target6Current6Gap0IDE.DI-03Personal data and special-category data are identifiedArt. 21(2)(i)Target6Current5Gap1IDE.DI-04Records of processing activitiesArt. 21(2)(i)Target6Current6Gap0IDE.DI-05Data flows across the asset estateArt. 21(2)(i)Target6Current5Gap1IDE.DI-06Data discovery activities are performed to detect…Art. 21(2)(i)Target6Current5Gap1IDE.BI-01Business impact analysis policyArt. 21(2)(c)Target6Current6Gap0IDE.BI-02Critical business functions and the assetsArt. 21(2)(c)Target6Current6Gap0IDE.BI-03Crown-jewel assetsArt. 21(2)(c); Art. 21(2)(e)Target6Current6Gap0IDE.BI-04Business impact tolerancesArt. 21(2)(c)Target6Current6Gap0IDE.BI-05Business impact analysis outputs inform protection…Art. 21(2)(c); Art. 21(2)(f)Target6Current6Gap0IDE.ES-01External attack surface management policyArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0IDE.ES-02Internet-exposed assetsArt. 21(2)(i)Target7Current6Gap1IDE.ES-03Shadow IT and unmanaged assets are detected and reconciled…Art. 21(2)(i)Target6Current6Gap0IDE.ES-04Brand-related external exposureArt. 21(2)(e); Art. 21(2)(i)Target6Current4Gap2IDE.ES-05External attack surface findings are prioritisedArt. 21(2)(e)Target7Current6Gap1IDE.RA-01The information security risk assessment programmeArt. 21(2)(a)Target6Current6Gap0IDE.RA-02Threat inputs from IDE.TMArt. 21(2)(a); Art. 21(2)(e)Target7Current6Gap1IDE.RA-03Information security risks are analysed for likelihood and…Art. 21(2)(a)Target7Current7Gap0IDE.RA-04Project-level, change-level, and onboarding-level risk…Art. 21(2)(a); Art. 21(2)(d)Target6Current5Gap1IDE.RA-05Risk assessment outputs are recordedArt. 21(2)(a)Target7Current7Gap0IDE.TM-01Threat management policyArt. 21(2)(e); Art. 29Target6Current6Gap0IDE.TM-02External and internal threat intelligence is collected from…Art. 21(2)(e); Art. 29Target6Current4Gap2IDE.TM-03The threat landscape and threat actor profile relevant to…Art. 21(2)(e); Art. 29Target6Current6Gap0IDE.TM-04AI-specific threat intelligence sourcesArt. 21(2)(e)Target6Current4Gap2IDE.TM-05Threat intelligence outputs are disseminated to risk…Art. 21(2)(e); Art. 29Target7Current5Gap2IDE.SC-01Supply chain risk management policyArt. 21(2)(d)Target6Current6Gap0IDE.SC-02Suppliers and other third parties are inventoriedArt. 21(2)(d)Target7Current7Gap0IDE.SC-03Pre-engagement supplier due diligenceArt. 21(2)(d)Target6Current6Gap0IDE.SC-04Supplier contracts and onboarding establish information…Art. 21(2)(d)Target7Current7Gap0IDE.SC-05Supplier security posture is monitored throughout the…Art. 21(2)(d)Target7Current7Gap0IDE.SC-06Supplier termination and offboarding are governed by…Art. 21(2)(d)Target6Current5Gap1IDE.SC-07Supply chain risk management outcomes inform improvement of…Art. 21(2)(d); Art. 21(2)(f)Target7Current7Gap0PRO.AA-01Identity and access management policyArt. 21(2)(i)Target6Current6Gap0PRO.AA-02Identities are managed throughout their lifecycleArt. 21(2)(i)Target7Current7Gap0PRO.AA-03Authentication mechanisms are commensurate with sensitivityArt. 21(2)(j)Target6Current6Gap0PRO.AA-04Access is granted on the principles of least privilege and…Art. 21(2)(i)Target6Current5Gap1PRO.AA-05Privileged access is governed under additional safeguardsArt. 21(2)(i); Art. 21(2)(j)Target6Current5Gap1PRO.AA-06Federated identityArt. 21(2)(d); Art. 21(2)(i)Target7Current7Gap0PRO.AA-07Authentication credentialsArt. 21(2)(j)Target7Current6Gap1PRO.DS-01Data security policyArt. 21(2)(h); Art. 21(2)(i)Target6Current6Gap0PRO.DS-02Data handling requirements per classificationArt. 21(2)(i)Target6Current5Gap1PRO.DS-03Data at rest is protected through encryption proportionate…Art. 21(2)(h)Target6Current6Gap0PRO.DS-04Data in transit is protected through encryption…Art. 21(2)(h); Art. 21(2)(j)Target6Current6Gap0PRO.DS-05Data leakage prevention is applied across endpointsArt. 21(2)(i)Target6Current6Gap0PRO.DS-06Data masking, pseudonymisation, and tokenisation are…Art. 21(2)(h)Target6Current6Gap0PRO.DS-07Data retention, archival, and lawful disposal are governed…Art. 21(2)(i)Target7Current7Gap0PRO.DS-08Data backup is performedArt. 21(2)(c)Target6Current5Gap1PRO.CR-01Cryptography policyArt. 21(2)(h)Target6Current6Gap0PRO.CR-02Cryptographic algorithmsArt. 21(2)(h)Target6Current6Gap0PRO.CR-03Key management — generation, storage, distribution…Art. 21(2)(h)Target6Current6Gap0PRO.CR-04Public key infrastructure and digital certificates are…Art. 21(2)(h)Target6Current6Gap0PRO.CR-05Cryptographic agility and post-quantum readiness are…Art. 21(2)(h)Target6Current6Gap0PRO.PS-01Platform and configuration security policyArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.PS-02Operating system and platform configurations are hardened…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.PS-03Cloud platform and SaaS configurations are governed under…Art. 21(2)(e); Art. 21(2)(i)Target6Current5Gap1PRO.PS-04Software installationArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.PS-05Configuration changes to platforms and infrastructure are…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.PS-06Anti-malware and platform-level threat protection are…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.NS-01Network security policyArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.NS-02Network segmentation isolates environmentsArt. 21(2)(e); Art. 21(2)(i)Target6Current4Gap2PRO.NS-03Perimeter protectionArt. 21(2)(e); Art. 21(2)(i)Target7Current7Gap0PRO.NS-04Domain Name SystemArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.NS-05Remote access and VPN are governed under defined standardsArt. 21(2)(i); Art. 21(2)(j)Target6Current6Gap0PRO.EM-01Email and messaging security policyArt. 21(2)(e); Art. 21(2)(j)Target6Current5Gap1PRO.EM-02Email security serviceArt. 21(2)(e); Art. 21(2)(j)Target6Current5Gap1PRO.EM-03Email protocol-level safeguardsArt. 21(2)(h); Art. 21(2)(j)Target6Current6Gap0PRO.EM-04Messaging and collaboration platform securityArt. 21(2)(e); Art. 21(2)(i); Art. 21(2)(j)Target6Current5Gap1PRO.EM-05Impersonation, lookalike-domain, and brand-related email…Art. 21(2)(e); Art. 21(2)(j)Target7Current7Gap0PRO.EP-01Endpoint security policyArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0PRO.EP-02Endpoint protectionArt. 21(2)(e)Target6Current5Gap1PRO.EP-03Mobile device management is applied to company-managed and…Art. 21(2)(i); Art. 21(2)(j)Target6Current4Gap2PRO.EP-04Endpoint encryption is applied to in-scope devices…Art. 21(2)(h)Target7Current7Gap0PRO.EP-05Endpoint lifecycleArt. 21(2)(i)Target7Current6Gap1PRO.IR-01Physical and environmental protection policyArt. 21(2)(c); Art. 21(2)(i)Target6Current6Gap0PRO.IR-02Physical access to facilitiesArt. 21(2)(i)Target7Current7Gap0PRO.IR-03Environmental threatsArt. 21(2)(c)Target6Current4Gap2PRO.IR-04Equipment siting, maintenance, and supporting utilities are…Art. 21(2)(c); Art. 21(2)(d)Target6Current6Gap0PRO.IR-05Remote working and offsite use of Company assets are…Art. 21(2)(g); Art. 21(2)(i)Target6Current6Gap0PRO.IR-06Clear desk, clear screen, and storage media handling are…Art. 21(2)(i)Target7Current7Gap0PRO.IR-07Infrastructure capacity and resource adequacy are monitoredArt. 21(2)(c); Art. 21(2)(i)Target6Current4Gap2PRO.IR-08Resilience mechanismsArt. 21(2)(c)Target6Current6Gap0PRO.VM-01Vulnerability management policyArt. 21(2)(e)Target6Current6Gap0PRO.VM-02Vulnerability discoveryArt. 21(2)(e)Target6Current6Gap0PRO.VM-03Vulnerabilities are prioritised based on severityArt. 21(2)(e)Target7Current7Gap0PRO.VM-04Vulnerabilities are remediated through patchingArt. 21(2)(e)Target6Current5Gap1PRO.VM-05Vulnerability exceptions are formally requestedArt. 21(2)(e)Target7Current6Gap1PRO.VM-06Coordinated vulnerability disclosure and external…Art. 12; Art. 21(2)(e); Art. 23Target6Current6Gap0PRO.TA-01Training and awareness policyArt. 20(2); Art. 21(2)(g)Target6Current6Gap0PRO.TA-02General information security training is provided to all…Art. 21(2)(g)Target6Current5Gap1PRO.TA-03Role-specific information security training is provided to…Art. 20(2); Art. 21(2)(g)Target6Current5Gap1PRO.TA-04Phishing and social engineering simulation programmes are…Art. 21(2)(g)Target6Current4Gap2PRO.TA-05Security champion networks are established across functions…Art. 21(2)(g)Target6Current5Gap1PRO.TA-06Training effectiveness is measuredArt. 21(2)(g)Target6Current4Gap2DET.GV-01Detection and monitoring policyArt. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.GV-02Detection capabilityArt. 21(2)(b); Art. 21(2)(e)Target6Current5Gap1DET.GV-03Detection coverage is mapped against MITRE ATT&CK…Art. 21(2)(e)Target6Current6Gap0DET.GV-04Detection effectivenessArt. 21(2)(e); Art. 21(2)(f)Target6Current6Gap0DET.LM-01Logging policy, scope, and standards are documented…Art. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.LM-02Logs are generated across in-scope assets covering…Art. 21(2)(b); Art. 21(2)(e)Target7Current6Gap1DET.LM-03Logs are aggregated to a central platform with sufficient…Art. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.LM-04Log integrity is protectedArt. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.LM-05Sensitive data accessArt. 21(2)(i); Art. 21(2)(j)Target7Current6Gap1DET.CM-01Monitoring scope, signal sources, and tooling are defined…Art. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.CM-02Endpoint and identity monitoring captures EDRArt. 21(2)(b); Art. 21(2)(e); Art. 21(2)(i)Target7Current6Gap1DET.CM-03Network and cloud workload monitoring captures perimeterArt. 21(2)(b); Art. 21(2)(e)Target7Current7Gap0DET.CM-04Data, application, and messaging monitoring captures DLP…Art. 21(2)(b); Art. 21(2)(e); Art. 21(2)(j)Target7Current7Gap0DET.CM-05Physical and environmental monitoring captures facility…Art. 21(2)(c); Art. 21(2)(i)Target6Current6Gap0DET.CM-06Insider threat and user behaviour analytics monitor for…Art. 21(2)(b); Art. 21(2)(g); Art. 21(2)(i)Target6Current6Gap0DET.DE-01Detection content lifecycleArt. 21(2)(e)Target6Current6Gap0DET.DE-02Detection content is informed by threat intelligence per…Art. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.DE-03Detection content is version-controlledArt. 21(2)(e)Target6Current6Gap0DET.DE-04Detection content effectivenessArt. 21(2)(e); Art. 21(2)(f)Target7Current7Gap0DET.EA-01Alert triage processesArt. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.EA-02Alerts are correlated across signal sources to identify…Art. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.EA-03Investigation procedures define evidence handlingArt. 21(2)(b); Art. 23Target6Current6Gap0DET.EA-04Confirmed incidents are escalated to incident response per…Art. 21(2)(b); Art. 23Target7Current7Gap0DET.TH-01Threat hunting programmeArt. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.TH-02Hunts are informed by threat intelligence per IDE.TMArt. 21(2)(b); Art. 21(2)(e)Target6Current6Gap0DET.TH-03Hunt outcomes — confirmed threats, new detection content…Art. 21(2)(b); Art. 21(2)(e); Art. 21(2)(f)Target6Current5Gap1RES.GV-01Information Security incident response policyArt. 21(2)(b); Art. 23Target6Current6Gap0RES.GV-02Incident response capabilityArt. 21(2)(b)Target6Current6Gap0RES.GV-03Stakeholder engagement frameworkArt. 21(2)(b); Art. 23Target6Current6Gap0RES.PR-01Incident response plans and playbooksArt. 21(2)(b); Art. 23Target6Current5Gap1RES.PR-02Response tooling — forensic acquisition, investigation…Art. 21(2)(b)Target6Current6Gap0RES.PR-03Personnel competence for response roles is established and…Art. 21(2)(b); Art. 21(2)(g)Target6Current6Gap0RES.PR-04Exercises — tabletop, technical, full simulation — are…Art. 21(2)(b); Art. 21(2)(f)Target6Current6Gap0RES.PR-05External relationshipsArt. 21(2)(b); Art. 21(2)(d); Art. 23; Art. 29Target7Current7Gap0RES.IR-01Incidents are declaredArt. 21(2)(b); Art. 23Target6Current6Gap0RES.IR-02Incident leadership and cross-functional coordination are…Art. 20; Art. 21(2)(b)Target6Current6Gap0RES.IR-03Containment actions are executed to limit incident impact…Art. 21(2)(b)Target6Current6Gap0RES.IR-04Eradication actions remove the threat presence and restore…Art. 21(2)(b)Target6Current6Gap0RES.IR-05Recovery coordination with REC ensures restoration of…Art. 21(2)(b); Art. 21(2)(c)Target6Current6Gap0RES.IR-06Specialty incident classesArt. 21(2)(b); Art. 21(2)(d); Art. 23Target7Current6Gap1RES.AN-01Forensic analysis and evidence handling are performed under…Art. 21(2)(b)Target6Current6Gap0RES.AN-02Incident scope, impact, and affected assets are determined…Art. 21(2)(b); Art. 23Target6Current6Gap0RES.AN-03Root cause is identified and documented for material…Art. 21(2)(b); Art. 21(2)(f)Target7Current7Gap0RES.AN-04Threat actor attribution is assessed where evidence…Art. 21(2)(b); Art. 21(2)(e)Target7Current6Gap1RES.IC-01Internal communicationArt. 20; Art. 21(2)(b)Target6Current6Gap0RES.IC-02Regulatory notificationsArt. 21(2)(b); Art. 23Target7Current7Gap0RES.IC-03Customer notification and engagement are conducted where…Art. 21(2)(b); Art. 23Target6Current6Gap0RES.IC-04Supplier and third-party coordination is conducted where…Art. 21(2)(b); Art. 21(2)(d); Art. 23Target6Current6Gap0RES.IC-05Public communicationArt. 21(2)(b); Art. 23(7)Target6Current6Gap0RES.LL-01Post-incident reviews are conducted for material incidents…Art. 21(2)(b); Art. 21(2)(f)Target6Current6Gap0RES.LL-02Programme-level effectivenessArt. 21(2)(b); Art. 21(2)(f)Target6Current6Gap0RES.LL-03Improvement actions are tracked to closure and feed…Art. 21(2)(b); Art. 21(2)(f)Target7Current7Gap0REC.GV-01Recovery policy, procedures, and roles are documented…Art. 21(2)(c)Target6Current6Gap0REC.GV-02Recovery capabilityArt. 21(2)(c)Target6Current6Gap0REC.GV-03Stakeholder engagement frameworkArt. 21(2)(c); Art. 23Target6Current6Gap0REC.RP-01Recovery strategies and plansArt. 21(2)(c)Target6Current6Gap0REC.RP-02Recovery tooling and infrastructureArt. 21(2)(c)Target7Current6Gap1REC.RP-03Personnel competence for recovery roles is established and…Art. 21(2)(c); Art. 21(2)(g)Target6Current6Gap0REC.RP-04Recovery exercisesArt. 21(2)(c); Art. 21(2)(f)Target7Current6Gap1REC.RP-05External relationshipsArt. 21(2)(c); Art. 21(2)(d)Target6Current6Gap0REC.RO-01Recovery is initiated under defined criteria with…Art. 21(2)(c)Target6Current6Gap0REC.RO-02Recovery leadership and cross-functional coordination are…Art. 20; Art. 21(2)(c)Target6Current6Gap0REC.RO-03System, data, and service restoration are executed under…Art. 21(2)(c)Target6Current6Gap0REC.RO-04Specialty recovery scenariosArt. 21(2)(c); Art. 21(2)(d)Target6Current6Gap0REC.RV-01Pre-recovery validationArt. 21(2)(c)Target6Current6Gap0REC.RV-02Post-restoration integrity verificationArt. 21(2)(b); Art. 21(2)(c)Target6Current6Gap0REC.RV-03Heightened post-recovery monitoring is maintained for a…Art. 21(2)(b); Art. 21(2)(c)Target6Current5Gap1REC.RC-01Internal communicationArt. 20; Art. 21(2)(c)Target6Current6Gap0REC.RC-02Regulatory communications during recoveryArt. 21(2)(c); Art. 23Target7Current7Gap0REC.RC-03Customer communication and service-restoration updates are…Art. 21(2)(c)Target6Current6Gap0REC.RC-04Supplier and third-party coordination during recovery is…Art. 21(2)(c); Art. 21(2)(d)Target7Current6Gap1REC.RC-05Public communication and external messaging during recovery…Art. 21(2)(c); Art. 23(7)Target6Current6Gap0REC.LL-01Post-recovery reviews are conducted for material recoveries…Art. 21(2)(c); Art. 21(2)(f)Target6Current6Gap0REC.LL-02Programme-level effectivenessArt. 21(2)(c); Art. 21(2)(f)Target6Current6Gap0REC.LL-03Improvement actions are tracked to closure and feed…Art. 21(2)(c); Art. 21(2)(f)Target7Current7Gap0APS.GV-01AppSec policies are documentedArt. 21(1); Art. 21(2)(e)Target6Current6Gap0APS.GV-02AppSec procedures are documentedArt. 21(1); Art. 21(2)(e)Target6Current5Gap1APS.GV-03Secure Software Development Lifecycle (SDLC) standards are…Art. 21(2)(e)Target6Current6Gap0APS.GV-04AppSec compliance with policiesArt. 21(2)(f)Target6Current5Gap1APS.AM-01Applications are inventoried and classifiedArt. 21(2)(i)Target6Current6Gap0APS.AM-02Source code repositories are inventoriedArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0APS.AM-03Secrets are inventoriedArt. 21(2)(h); Art. 21(2)(i)Target6Current5Gap1APS.AM-04Application data flows and integrations are documentedArt. 21(2)(i)Target6Current6Gap0APS.DS-01Security requirements are defined for applications based on…Art. 21(2)(e)Target6Current5Gap1APS.DS-02Threat modeling is performed iteratively for applications…Art. 21(2)(a); Art. 21(2)(e)Target7Current7Gap0APS.DS-03Security architecture reviews are performed for new…Art. 21(2)(e)Target6Current6Gap0APS.DS-04Privacy by design and Data Protection Impact Assessments…Art. 21(2)(e)Target6Current5Gap1APS.DS-05Secure design patterns and reusable security components are…Art. 21(2)(e)Target7Current7Gap0APS.SD-01Access control is applied to development assetsArt. 21(2)(i)Target7Current6Gap1APS.SD-02Cryptography is applied to protect data within applications…Art. 21(2)(h)Target6Current5Gap1APS.SD-03Input is validated and exceptions are handled securely…Art. 21(2)(e)Target7Current7Gap0APS.SD-04Security is addressed from the start of development (OWASP…Art. 21(2)(e)Target7Current6Gap1APS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…Art. 21(2)(e)Target7Current7Gap0APS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…Art. 21(2)(d); Art. 21(2)(e)Target7Current7Gap0APS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…Art. 21(2)(i); Art. 21(2)(j)Target6Current5Gap1APS.SD-08Browser security features are leveraged (OWASP C8) OWASP…Art. 21(2)(e)Target6Current6Gap0APS.SD-09Security logging and monitoring are implemented (OWASP C9)…Art. 21(2)(b); Art. 21(2)(i)Target6Current6Gap0APS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0APS.SD-11Secrets are sourced from secure secrets managementArt. 21(2)(h); Art. 21(2)(i)Target6Current6Gap0APS.SD-12Secure coding standards are documented and appliedArt. 21(2)(e)Target6Current6Gap0APS.SC-01Third-party components and dependencies are inventoried and…Art. 21(2)(d); Art. 21(2)(e)Target7Current6Gap1APS.SC-02Third-party component selection follows defined security…Art. 21(2)(d)Target6Current5Gap1APS.SC-03Build pipeline and deployment infrastructure integrity and…Art. 21(2)(d); Art. 21(2)(e); Art. 21(2)(i)Target7Current5Gap2APS.SC-04Container images and registries are managed for security…Art. 21(2)(d); Art. 21(2)(e)Target6Current5Gap1APS.VM-01Application code testing is performedArt. 21(2)(e); Art. 21(2)(f)Target7Current6Gap1APS.VM-02Application runtime testing is performedArt. 21(2)(e); Art. 21(2)(f)Target6Current5Gap1APS.VM-03Infrastructure-as-Code (IaC) security scanning is performedArt. 21(2)(e); Art. 21(2)(i)Target6Current5Gap1APS.VM-04Penetration testing is performed for in-scope applicationsArt. 21(2)(e); Art. 21(2)(f)Target6Current6Gap0APS.VM-05Application vulnerabilities are trackedArt. 21(2)(e); Art. 21(2)(f)Target6Current6Gap0APS.VM-06Bug bounty or coordinated vulnerability disclosure is…Art. 12; Art. 21(2)(e)Target6Current6Gap0APS.OP-01Application release and deployment processes apply secure…Art. 21(2)(e)Target7Current6Gap1APS.OP-02Runtime application protection is applied where appropriateArt. 21(2)(e); Art. 21(2)(i); Art. 21(2)(j)Target6Current6Gap0APS.OP-03AppSec incident response procedures are documented and…Art. 21(2)(b); Art. 23 (incident reporting)Target6Current5Gap1APS.OP-04Application BCP / DR procedures are documented and…Art. 21(2)(c)Target6Current6Gap0APS.OP-05Application decommissioning and end-of-life procedures…Art. 21(2)(i)Target7Current7Gap0APS.TA-01AppSec training is provided to developmentArt. 21(2)(g)Target6Current5Gap1APS.TA-02A Security Champion programme is operated to designateArt. 21(2)(g)Target6Current5Gap1AIT.GV-01Third-Party AI policies are documentedArt. 21(1); Art. 21(2)(e)Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documentedArt. 21(1); Art. 21(2)(e)Target6Current6Gap0AIT.GV-03Vendor responsibility frameworkArt. 21(2)(d)Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policiesArt. 21(2)(f)Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…Art. 21(2)(d)Target6Current6Gap0AIT.VR-02Information security requirements are included in…Art. 21(2)(d)Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…Art. 21(2)(d)Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…Art. 21(2)(d); Art. 21(2)(f)Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoriedArt. 21(2)(d); Art. 21(2)(i)Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…Art. 21(2)(e)Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…Art. 21(2)(i)Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…Art. 21(2)(d)Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…Art. 21(2)(i)Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 21(2)(i)Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularityArt. 21(2)(b); Art. 21(2)(i)Target7Current5Gap2AIT.AG-04Agentic AI prompt injectionArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteriaArt. 21(2)(d)Target7Current5Gap2AIT.AG-06Emergency suspension and revocation capability for…Art. 21(2)(b); Art. 21(2)(i)Target7Current1Gap6AIT.US-01Approved third-party AI toolsArt. 21(2)(i)Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…Art. 21(2)(h); Art. 21(2)(i)Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…Art. 21(2)(i)Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…Art. 21(2)(i); Art. 21(2)(j)Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysedArt. 21(2)(b); Art. 21(2)(i)Target6Current6Gap0AIT.MO-02Third-party AI provider security postureArt. 21(2)(d)Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…Art. 21(2)(d)Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detectedArt. 21(2)(b)Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…Art. 21(2)(b); Art. 23Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…Art. 21(2)(b); Art. 23Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…Art. 21(2)(d); Art. 23Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…Art. 21(2)(d)Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…Art. 21(2)(d); Art. 21(2)(i)Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…Art. 21(2)(f)Target6Current5Gap1AII.GV-01AI security policies are documentedArt. 21(1); Art. 21(2)(e)Target6Current6Gap0AII.GV-02AI security procedures are documentedArt. 21(1); Art. 21(2)(e)Target6Current6Gap0AII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…Art. 21(2)(e)Target6Current6Gap0AII.GV-04AI security compliance with policiesArt. 21(2)(f)Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classifiedArt. 21(2)(i)Target6Current5Gap1AII.AM-02AI models and model artifacts are inventoriedArt. 21(2)(i)Target6Current6Gap0AII.AM-03Training datasets and AI data assets are inventoriedArt. 21(2)(i)Target6Current5Gap1AII.AM-04System prompts and AI instructions are inventoriedArt. 21(2)(i)Target6Current3Gap3AII.AM-05AI data flows and integrations are documentedArt. 21(2)(i)Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…Art. 21(2)(e)Target7Current6Gap1AII.DS-02AI threat modeling is performed iteratively for AI systems…Art. 21(2)(a); Art. 21(2)(e)Target6Current6Gap0AII.DS-03Security architecture reviews are performed for new AI…Art. 21(2)(e)Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…Art. 21(2)(e)Target7Current7Gap0AII.DS-05Secure AI design patterns and reusable security components…Art. 21(2)(e)Target6Current6Gap0AII.SD-01Training data security and integrity controls are appliedArt. 21(2)(h); Art. 21(2)(i)Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AII.SD-03System prompts and AI instructions are developed and…Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AII.SD-04Inference input validation and output handling are appliedArt. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AII.SD-05Model artifact integrity and safe loading controls are…Art. 21(2)(e); Art. 21(2)(i)Target7Current7Gap0AII.SD-06ML pipeline security controls are appliedArt. 21(2)(d); Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AII.SD-07Adversarial robustness defences are implemented where…Art. 21(2)(e)Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managedArt. 21(2)(h); Art. 21(2)(i)Target6Current6Gap0AII.SD-09Secure AI coding standards and code review are appliedArt. 21(2)(e)Target6Current5Gap1AII.SC-01AI components, models, and dependencies are inventoried and…Art. 21(2)(d); Art. 21(2)(e)Target7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…Art. 21(2)(d)Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…Art. 21(2)(d)Target6Current5Gap1AII.SC-04AI build pipeline and ML infrastructure integrity are…Art. 21(2)(d); Art. 21(2)(e); Art. 21(2)(i)Target6Current6Gap0AII.VM-01AI code and component testing is performedArt. 21(2)(e); Art. 21(2)(f)Target6Current6Gap0AII.VM-02AI runtime testing is performedArt. 21(2)(e); Art. 21(2)(f)Target7Current7Gap0AII.VM-03AI red teaming is performed for in-scope AI systemsArt. 21(2)(e); Art. 21(2)(f)Target6Current6Gap0AII.VM-04AI vulnerabilities are trackedArt. 21(2)(e)Target6Current5Gap1AII.VM-05AI bug bounty or coordinated vulnerability disclosure is…Art. 12; Art. 21(2)(e); Art. 23Target6Current6Gap0AII.VM-06A versioned security evaluation suite gates promotion of AI…Art. 21(2)(e)Target7Current2Gap5AII.OP-01AI release and deployment processes apply secure release…Art. 21(2)(e)Target6Current6Gap0AII.OP-02Runtime AI protection is appliedArt. 21(2)(e); Art. 21(2)(i); Art. 21(2)(j)Target6Current6Gap0AII.OP-03AI systems are monitoredArt. 21(2)(b); Art. 21(2)(i)Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…Art. 21(2)(b); Art. 23Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintainedArt. 21(2)(c)Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…Art. 21(2)(i)Target6Current5Gap1AII.OP-07AI-generated content transparency and provenance…Art. 21(2)(i)Target6Current1Gap5AII.AG-01Agent authorisation scope is documented and enforcedArt. 21(2)(i)Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…Art. 21(2)(i)Target6Current5Gap1AII.AG-03Agent activity is logged at action granularityArt. 21(2)(b); Art. 21(2)(i)Target7Current7Gap0AII.AG-04Agent defences against prompt injectionArt. 21(2)(e); Art. 21(2)(i)Target6Current5Gap1AII.AG-05Agent frameworks, orchestration, and MCP implementations…Art. 21(2)(e); Art. 21(2)(i)Target7Current7Gap0AII.AG-06Emergency suspension and revocation capability for in-house…Art. 21(2)(b); Art. 21(2)(i)Target7Current1Gap6AII.TA-01AI security training is provided to AI developmentArt. 21(2)(g)Target6Current6Gap0AII.TA-02An AI Security Champion programme is operated to designateArt. 21(2)(g)Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…Art. 21(2)(i)Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…Art. 21(2)(h); Art. 21(2)(i)Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…Art. 21(2)(i)Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…Art. 21(2)(i); Art. 21(2)(j)Target6Current5Gap1

EU CRA 44

EU Cyber Resilience Act - security requirements for products with digital elements.

Mapped Controls
44
Avg Current
5.80
Avg Target
6.30
Avg Gap
0.50
Controls Below Target
21
APS.GV-01AppSec policies are documentedArt. 13(1); Art. 14Target6Current6Gap0APS.GV-02AppSec procedures are documentedArt. 13(1); Art. 13(7)Target6Current5Gap1APS.GV-03Secure Software Development Lifecycle (SDLC) standards are…Annex I (essential cybersecurity requirements); Art. 13 (manufacturer obligations during development)Target6Current6Gap0APS.GV-04AppSec compliance with policiesArt. 13(8) (conformity assessment); Annex VII (technical documentation)Target6Current5Gap1APS.AM-01Applications are inventoried and classifiedArt. 13(2) (product identification); Annex VII (technical documentation)Target6Current6Gap0APS.AM-02Source code repositories are inventoriedArt. 13(2) (record-keeping); Art. 13(7) (vulnerability handling)Target6Current6Gap0APS.AM-03Secrets are inventoriedArt. 13(2); Art. 13(7) (vulnerability handling for exposed secrets)Target6Current5Gap1APS.AM-04Application data flows and integrations are documentedArt. 13; Annex I (data processing security)Target6Current6Gap0APS.DS-01Security requirements are defined for applications based on…Art. 13; Annex I (essential cybersecurity requirements)Target6Current5Gap1APS.DS-02Threat modeling is performed iteratively for applications…Art. 13(2) (cybersecurity risk assessment of products)Target7Current7Gap0APS.DS-03Security architecture reviews are performed for new…Art. 13; Annex I (essential cybersecurity requirements)Target6Current6Gap0APS.DS-04Privacy by design and Data Protection Impact Assessments…Art. 13(3) (secure default configurations)Target6Current5Gap1APS.DS-05Secure design patterns and reusable security components are…Art. 13(3) (secure-by-design / secure-by-default)Target7Current7Gap0APS.SD-01Access control is applied to development assetsArt. 13(2); Art. 13(3) (secure defaults including access controls)Target7Current6Gap1APS.SD-02Cryptography is applied to protect data within applications…Art. 13; Annex I (cryptographic protection of data)Target6Current5Gap1APS.SD-03Input is validated and exceptions are handled securely…Annex I (vulnerability-free applications, input protection)Target7Current7Gap0APS.SD-04Security is addressed from the start of development (OWASP…Art. 13(1); Art. 13(2) (security throughout the lifecycle)Target7Current6Gap1APS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…Art. 13(3) (secure default configurations)Target7Current7Gap0APS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…Art. 13(5) (vulnerability handling for components)Target7Current7Gap0APS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…Art. 13; Annex I (authentication)Target6Current5Gap1APS.SD-08Browser security features are leveraged (OWASP C8) OWASP…Annex I (browser-side protection of users)Target6Current6Gap0APS.SD-09Security logging and monitoring are implemented (OWASP C9)…Art. 13; Annex I (logging of security-relevant events)Target6Current6Gap0APS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…Annex I (input handling, network protection)Target6Current6Gap0APS.SD-11Secrets are sourced from secure secrets managementArt. 13(2); Art. 13(7)Target6Current6Gap0APS.SD-12Secure coding standards are documented and appliedArt. 13(1); Art. 13(2) (manufacturer obligations including code-quality controls)Target6Current6Gap0APS.SC-01Third-party components and dependencies are inventoried and…Art. 13(2); Annex I (component documentation); Annex VII (technical documentation)Target7Current6Gap1APS.SC-02Third-party component selection follows defined security…Art. 13(2) (cybersecurity risk assessment including third-party components)Target6Current5Gap1APS.SC-03Build pipeline and deployment infrastructure integrity and…Art. 13(2) (integrity and supply chain controls); Annex ITarget7Current5Gap2APS.SC-04Container images and registries are managed for security…Art. 13; Annex I (integrity and protection)Target6Current5Gap1APS.VM-01Application code testing is performedArt. 13(2) (cybersecurity risk assessment); Art. 13(5) (vulnerability handling)Target7Current6Gap1APS.VM-02Application runtime testing is performedArt. 13(2) (cybersecurity risk assessment); Art. 13(5) (vulnerability handling)Target6Current5Gap1APS.VM-03Infrastructure-as-Code (IaC) security scanning is performedArt. 13(2); Art. 13(3) (secure default configurations)Target6Current5Gap1APS.VM-04Penetration testing is performed for in-scope applicationsArt. 13(2) (cybersecurity risk assessment of products)Target6Current6Gap0APS.VM-05Application vulnerabilities are trackedArt. 13(5) (vulnerability handling); Art. 14 (reporting obligations including 24-hour ENISA notification for actively exploited vulnerabilities)Target6Current6Gap0APS.VM-06Bug bounty or coordinated vulnerability disclosure is…Art. 13(7) (coordinated vulnerability disclosure); Art. 14 (reporting obligations to ENISA)Target6Current6Gap0APS.OP-01Application release and deployment processes apply secure…Art. 13; Art. 13(2) (release of products in compliant state)Target7Current6Gap1APS.OP-02Runtime application protection is applied where appropriateArt. 13; Annex I (runtime protection of products)Target6Current6Gap0APS.OP-03AppSec incident response procedures are documented and…Art. 14 (reporting obligations: 24-hour early warning, 72-hour update, 14-day final report)Target6Current5Gap1APS.OP-04Application BCP / DR procedures are documented and…Art. 13; Annex I (resilience requirements)Target6Current6Gap0APS.OP-05Application decommissioning and end-of-life procedures…Art. 13(8) (declared support periods); end-of-support communicationTarget7Current7Gap0APS.TA-01AppSec training is provided to developmentArt. 13 (manufacturer competence to deliver essential requirements)Target6Current5Gap1APS.TA-02A Security Champion programme is operated to designateArt. 13 (manufacturer competence)Target6Current5Gap1AII.OP-04AI incident response procedures are documented and…Art. 14 (reporting obligations where AI products are EU-marketed)Target7Current7Gap0AII.OP-06AI system decommissioning and end-of-life procedures…Art. 13(8) (declared support periods where AI products are EU-marketed)Target6Current5Gap1

TISAX 335

TISAX (Trusted Information Security Assessment Exchange) - automotive-sector security framework based on ISA 6.

Mapped Controls
335
Avg Current
5.79
Avg Target
6.22
Avg Gap
0.44
Controls Below Target
111
GOV.OC-01ISMS scope is defined1.1.1Target6Current6Gap0GOV.OC-02Internal and external issues relevant to information…1.1.1Target6Current6Gap0GOV.OC-03Interested parties1.1.1Target6Current6Gap0GOV.OC-04Critical dependencies and mission-critical capabilities are…1.6.3Target6Current6Gap0GOV.LE-01A legal, statutory, regulatory, and contractual…7.1.1Target6Current6Gap0GOV.LE-02Regulatory engagement7.1.1Target6Current6Gap0GOV.LE-03Intellectual property rights7.1.1Target6Current5Gap1GOV.LE-04Records and information lifecycle obligations7.1.1; 7.1.2Target6Current6Gap0GOV.RM-01Information security risk management methodology and…1.4.1Target6Current6Gap0GOV.RM-02Information security risk appetite and risk tolerance are…1.4.1Target6Current6Gap0GOV.RM-03Information security risks are identified1.4.1Target6Current6Gap0GOV.RM-04Risk treatment options1.4.1Target6Current6Gap0GOV.RM-05Information security risk management is integrated with…1.4.1Target6Current6Gap0GOV.RR-01Information security leadership1.2.1; 1.2.2Target6Current6Gap0GOV.RR-02Information security roles and responsibilities for Company…1.2.2; 2.1.2Target6Current6Gap0GOV.RR-03Segregation of duties for security-sensitive activities is…1.2.2Target6Current5Gap1GOV.RR-04Personnel screening commensurate with role sensitivity is…2.1.1Target6Current6Gap0GOV.RR-05Confidentiality and non-disclosure obligations are…2.1.2; 6.1.2Target6Current6Gap0GOV.RR-06Workforce conduct expectations and the disciplinary process…2.1.2Target6Current6Gap0GOV.RR-07Personnel onboarding2.1.1; 2.1.2Target6Current5Gap1GOV.RR-08A cross-functional AI governance forum is established with…1.2.1; 1.2.2Target6Current2Gap4GOV.PO-01Information security policy architecture1.1.1Target6Current6Gap0GOV.PO-02Information security policies and supporting documents are…1.1.1Target6Current6Gap0GOV.PO-03Information security policies are communicated to personnel…1.1.1; 2.1.3Target6Current6Gap0GOV.PO-04Exceptions to information security policies are formally…1.1.1; 1.4.1Target6Current6Gap0GOV.RE-01Information security resourcing requirements1.2.1Target6Current6Gap0GOV.RE-02Competence requirements for information security personnel…2.1.1; 2.1.3Target6Current6Gap0GOV.RE-03External expertise1.2.4; 6.1.1Target6Current6Gap0GOV.OV-01Information security key performance and key risk…1.2.1Target6Current6Gap0GOV.OV-02ISMS performance is evaluated against defined objectives1.2.1; 1.5.1Target6Current6Gap0GOV.OV-03Board of Directors and Executive Team are updated on…1.1.1; 1.2.1Target6Current5Gap1GOV.OV-04Management review of the ISMS is conducted at defined…1.2.1Target6Current6Gap0GOV.OV-05Continual improvement of the ISMS is governed through…1.2.1; 1.5.1Target7Current6Gap1GOV.OV-06Per-Control maturity is scored against the Company's…1.2.1; 1.5.1Target7Current7Gap0GOV.AC-01Internal audit programme for the ISMS is established with…1.5.2Target6Current6Gap0GOV.AC-02Independent reviews of information security are conducted…1.5.2Target6Current5Gap1GOV.AC-03External audits and certification assessments1.5.2Target6Current6Gap0GOV.AC-04Audit findings, observations, and recommendations are…1.5.1; 1.5.2Target6Current6Gap0IDE.AM-01Asset management policy1.3.1Target6Current6Gap0IDE.AM-02Assets are classified using the Company's classification…1.3.2Target6Current6Gap0IDE.AM-03Service assets — including domain management, cloud…1.3.1; 1.3.3Target6Current5Gap1IDE.AM-04Application assets1.3.1; 1.3.4Target6Current5Gap1IDE.AM-05Network assets — including network components, segments…1.3.1Target6Current6Gap0IDE.AM-06Endpoint assets — including company-managed devices — are…1.3.1; 3.1.4Target6Current6Gap0IDE.AM-07Asset integrations1.3.1Target6Current4Gap2IDE.AM-08Assets are managed throughout their lifecycle1.3.3; 1.3.4Target6Current6Gap0IDE.DI-01Data inventory and records of processing policy1.3.1; 7.1.2Target6Current6Gap0IDE.DI-02Data assets are inventoried by category1.3.1; 1.3.2Target6Current6Gap0IDE.DI-03Personal data and special-category data are identified7.1.2Target6Current5Gap1IDE.DI-04Records of processing activities7.1.2Target6Current6Gap0IDE.DI-05Data flows across the asset estate7.1.2Target6Current5Gap1IDE.DI-06Data discovery activities are performed to detect…1.3.1; 7.1.2Target6Current5Gap1IDE.BI-01Business impact analysis policy1.6.3Target6Current6Gap0IDE.BI-02Critical business functions and the assets1.6.3; 5.2.8Target6Current6Gap0IDE.BI-03Crown-jewel assets1.3.2; 1.6.3Target6Current6Gap0IDE.BI-04Business impact tolerances1.6.3; 5.2.8Target6Current6Gap0IDE.BI-05Business impact analysis outputs inform protection…1.6.3; 5.2.8Target6Current6Gap0IDE.ES-01External attack surface management policy1.3.3; 1.3.4Target6Current6Gap0IDE.ES-02Internet-exposed assets1.3.1; 5.2.6Target7Current6Gap1IDE.ES-03Shadow IT and unmanaged assets are detected and reconciled…1.3.3; 1.3.4Target6Current6Gap0IDE.ES-04Brand-related external exposure1.3.1Target6Current4Gap2IDE.ES-05External attack surface findings are prioritised5.2.5; 5.2.6Target7Current6Gap1IDE.RA-01The information security risk assessment programme1.4.1Target6Current6Gap0IDE.RA-02Threat inputs from IDE.TM1.4.1; 5.2.5Target7Current6Gap1IDE.RA-03Information security risks are analysed for likelihood and…1.4.1Target7Current7Gap0IDE.RA-04Project-level, change-level, and onboarding-level risk…1.2.3; 1.4.1Target6Current5Gap1IDE.RA-05Risk assessment outputs are recorded1.4.1Target7Current7Gap0IDE.SC-01Supply chain risk management policy6.1.1Target6Current6Gap0IDE.SC-02Suppliers and other third parties are inventoried1.3.3; 6.1.1Target7Current7Gap0IDE.SC-03Pre-engagement supplier due diligence1.3.3; 6.1.1Target6Current6Gap0IDE.SC-04Supplier contracts and onboarding establish information…6.1.1; 6.1.2Target7Current7Gap0IDE.SC-05Supplier security posture is monitored throughout the…6.1.1Target7Current7Gap0IDE.SC-06Supplier termination and offboarding are governed by…5.3.3Target6Current5Gap1IDE.SC-07Supply chain risk management outcomes inform improvement of…6.1.1Target7Current7Gap0PRO.AA-01Identity and access management policy4.1.1; 4.2.1Target6Current6Gap0PRO.AA-02Identities are managed throughout their lifecycle4.1.1; 4.1.3Target7Current7Gap0PRO.AA-03Authentication mechanisms are commensurate with sensitivity4.1.2; 4.1.3Target6Current6Gap0PRO.AA-04Access is granted on the principles of least privilege and…4.2.1Target6Current5Gap1PRO.AA-05Privileged access is governed under additional safeguards4.2.1Target6Current5Gap1PRO.AA-06Federated identity4.1.1; 4.1.2Target7Current7Gap0PRO.AA-07Authentication credentials4.1.3Target7Current6Gap1PRO.DS-01Data security policy5.1.1; 7.1.2Target6Current6Gap0PRO.DS-02Data handling requirements per classification1.3.2; 5.1.2Target6Current5Gap1PRO.DS-03Data at rest is protected through encryption proportionate…5.1.1Target6Current6Gap0PRO.DS-04Data in transit is protected through encryption…5.1.1; 5.1.2Target6Current6Gap0PRO.DS-05Data leakage prevention is applied across endpoints5.1.2Target6Current6Gap0PRO.DS-06Data masking, pseudonymisation, and tokenisation are…7.1.2Target6Current6Gap0PRO.DS-07Data retention, archival, and lawful disposal are governed…7.1.2Target7Current7Gap0PRO.DS-08Data backup is performed5.2.9Target6Current5Gap1PRO.CR-01Cryptography policy5.1.1Target6Current6Gap0PRO.CR-02Cryptographic algorithms5.1.1Target6Current6Gap0PRO.CR-03Key management — generation, storage, distribution…5.1.1Target6Current6Gap0PRO.CR-04Public key infrastructure and digital certificates are…5.1.1Target6Current6Gap0PRO.CR-05Cryptographic agility and post-quantum readiness are…5.1.1Target6Current6Gap0PRO.PS-01Platform and configuration security policy5.2.1Target6Current6Gap0PRO.PS-02Operating system and platform configurations are hardened…5.2.1Target6Current6Gap0PRO.PS-03Cloud platform and SaaS configurations are governed under…1.3.3; 5.3.4Target6Current5Gap1PRO.PS-04Software installation1.3.4; 5.2.1Target6Current6Gap0PRO.PS-05Configuration changes to platforms and infrastructure are…5.2.1Target6Current6Gap0PRO.PS-06Anti-malware and platform-level threat protection are…5.2.3Target6Current6Gap0PRO.NS-01Network security policy5.2.7; 5.3.2Target6Current6Gap0PRO.NS-02Network segmentation isolates environments5.2.7Target6Current4Gap2PRO.NS-03Perimeter protection5.2.7Target7Current7Gap0PRO.NS-04Domain Name System5.2.7Target6Current6Gap0PRO.NS-05Remote access and VPN are governed under defined standards2.1.4; 5.2.7Target6Current6Gap0PRO.EM-01Email and messaging security policy5.1.2Target6Current5Gap1PRO.EM-02Email security service5.1.2; 5.2.3Target6Current5Gap1PRO.EM-03Email protocol-level safeguards5.1.1; 5.1.2Target6Current6Gap0PRO.EM-04Messaging and collaboration platform security1.3.3; 5.1.2; 5.3.4Target6Current5Gap1PRO.EM-05Impersonation, lookalike-domain, and brand-related email…1.6.1; 5.1.2Target7Current7Gap0PRO.EP-01Endpoint security policy3.1.4Target6Current6Gap0PRO.EP-02Endpoint protection3.1.4; 5.2.3Target6Current5Gap1PRO.EP-03Mobile device management is applied to company-managed and…2.1.4; 3.1.4Target6Current4Gap2PRO.EP-04Endpoint encryption is applied to in-scope devices…3.1.4; 5.1.1Target7Current7Gap0PRO.EP-05Endpoint lifecycle1.3.3; 3.1.4Target7Current6Gap1PRO.IR-01Physical and environmental protection policy3.1.1Target6Current6Gap0PRO.IR-02Physical access to facilities3.1.1Target7Current7Gap0PRO.IR-03Environmental threats3.1.1Target6Current4Gap2PRO.IR-04Equipment siting, maintenance, and supporting utilities are…3.1.1; 3.1.3Target6Current6Gap0PRO.IR-05Remote working and offsite use of Company assets are…2.1.4; 3.1.4Target6Current6Gap0PRO.IR-06Clear desk, clear screen, and storage media handling are…3.1.3Target7Current7Gap0PRO.IR-07Infrastructure capacity and resource adequacy are monitored5.2.8Target6Current4Gap2PRO.IR-08Resilience mechanisms1.6.3; 5.2.8Target6Current6Gap0PRO.VM-01Vulnerability management policy5.2.5Target6Current6Gap0PRO.VM-02Vulnerability discovery5.2.5; 5.2.6Target6Current6Gap0PRO.VM-03Vulnerabilities are prioritised based on severity5.2.5Target7Current7Gap0PRO.VM-04Vulnerabilities are remediated through patching5.2.5Target6Current5Gap1PRO.VM-05Vulnerability exceptions are formally requested5.2.5Target7Current6Gap1PRO.VM-06Coordinated vulnerability disclosure and external…5.2.5Target6Current6Gap0PRO.TA-01Training and awareness policy2.1.3Target6Current6Gap0PRO.TA-02General information security training is provided to all…2.1.3Target6Current5Gap1PRO.TA-03Role-specific information security training is provided to…2.1.1; 2.1.3Target6Current5Gap1PRO.TA-04Phishing and social engineering simulation programmes are…2.1.3Target6Current4Gap2PRO.TA-05Security champion networks are established across functions…2.1.3Target6Current5Gap1PRO.TA-06Training effectiveness is measured2.1.3Target6Current4Gap2DET.GV-01Detection and monitoring policy1.6.1; 5.2.4Target6Current6Gap0DET.GV-02Detection capability1.6.1; 1.6.2; 5.2.4Target6Current5Gap1DET.GV-03Detection coverage is mapped against MITRE ATT&CK…1.6.1Target6Current6Gap0DET.GV-04Detection effectiveness5.2.6; 1.6.1Target6Current6Gap0DET.LM-01Logging policy, scope, and standards are documented…5.2.4Target6Current6Gap0DET.LM-02Logs are generated across in-scope assets covering…5.2.4Target7Current6Gap1DET.LM-03Logs are aggregated to a central platform with sufficient…5.2.4Target6Current6Gap0DET.LM-04Log integrity is protected5.2.4Target6Current6Gap0DET.LM-05Sensitive data access5.2.4Target7Current6Gap1DET.CM-01Monitoring scope, signal sources, and tooling are defined…5.2.4Target6Current6Gap0DET.CM-02Endpoint and identity monitoring captures EDR5.2.4Target7Current6Gap1DET.CM-03Network and cloud workload monitoring captures perimeter5.2.4Target7Current7Gap0DET.CM-04Data, application, and messaging monitoring captures DLP…5.1.2; 5.2.4Target7Current7Gap0DET.CM-05Physical and environmental monitoring captures facility…3.1.1; 5.2.4Target6Current6Gap0DET.CM-06Insider threat and user behaviour analytics monitor for…2.1.2; 5.2.4Target6Current6Gap0DET.DE-01Detection content lifecycle1.6.1; 5.2.4Target6Current6Gap0DET.DE-02Detection content is informed by threat intelligence per…1.6.1; 5.2.4Target6Current6Gap0DET.DE-03Detection content is version-controlled5.2.1; 5.2.4Target6Current6Gap0DET.DE-04Detection content effectiveness1.6.1; 5.2.4Target7Current7Gap0DET.EA-01Alert triage processes1.6.1; 1.6.2Target6Current6Gap0DET.EA-02Alerts are correlated across signal sources to identify…1.6.1; 5.2.4Target6Current6Gap0DET.EA-03Investigation procedures define evidence handling1.6.1; 1.6.2Target6Current6Gap0DET.EA-04Confirmed incidents are escalated to incident response per…1.6.1; 1.6.2Target7Current7Gap0DET.TH-01Threat hunting programme1.6.1; 5.2.4Target6Current6Gap0DET.TH-02Hunts are informed by threat intelligence per IDE.TM1.6.1; 5.2.4Target6Current6Gap0DET.TH-03Hunt outcomes — confirmed threats, new detection content…1.6.1; 5.2.4Target6Current5Gap1RES.GV-01Information Security incident response policy1.6.1; 1.6.2Target6Current6Gap0RES.GV-02Incident response capability1.6.1; 1.6.2Target6Current6Gap0RES.GV-03Stakeholder engagement framework1.6.1; 1.6.2Target6Current6Gap0RES.PR-01Incident response plans and playbooks1.6.1; 1.6.2; 1.6.3Target6Current5Gap1RES.PR-02Response tooling — forensic acquisition, investigation…1.6.1; 1.6.2Target6Current6Gap0RES.PR-03Personnel competence for response roles is established and…1.6.1; 2.1.3Target6Current6Gap0RES.PR-04Exercises — tabletop, technical, full simulation — are…1.6.1; 1.6.2; 1.6.3Target6Current6Gap0RES.PR-05External relationships1.6.1Target7Current7Gap0RES.IR-01Incidents are declared1.6.1; 1.6.2Target6Current6Gap0RES.IR-02Incident leadership and cross-functional coordination are…1.6.1; 1.6.2; 1.6.3Target6Current6Gap0RES.IR-03Containment actions are executed to limit incident impact…1.6.1; 1.6.2Target6Current6Gap0RES.IR-04Eradication actions remove the threat presence and restore…1.6.1; 1.6.2Target6Current6Gap0RES.IR-05Recovery coordination with REC ensures restoration of…1.6.1; 1.6.2; 1.6.3Target6Current6Gap0RES.IR-06Specialty incident classes1.6.1; 1.6.2; 1.6.3; 6.1.1Target7Current6Gap1RES.AN-01Forensic analysis and evidence handling are performed under…1.6.1; 1.6.2Target6Current6Gap0RES.AN-02Incident scope, impact, and affected assets are determined…1.6.1; 1.6.2Target6Current6Gap0RES.AN-03Root cause is identified and documented for material…1.6.1; 1.6.2Target7Current7Gap0RES.AN-04Threat actor attribution is assessed where evidence…1.6.1; 1.6.2Target7Current6Gap1RES.IC-01Internal communication1.6.1; 1.6.2Target6Current6Gap0RES.IC-02Regulatory notifications1.6.1; 1.6.2Target7Current7Gap0RES.IC-03Customer notification and engagement are conducted where…1.6.1; 1.6.2Target6Current6Gap0RES.IC-04Supplier and third-party coordination is conducted where…1.6.1; 1.6.2; 6.1.1Target6Current6Gap0RES.IC-05Public communication1.6.1; 1.6.2Target6Current6Gap0RES.LL-01Post-incident reviews are conducted for material incidents…1.6.1; 1.6.2Target6Current6Gap0RES.LL-02Programme-level effectiveness1.6.1; 1.6.2Target6Current6Gap0RES.LL-03Improvement actions are tracked to closure and feed…1.6.1; 1.6.2Target7Current7Gap0REC.GV-01Recovery policy, procedures, and roles are documented…1.6.3; 5.2.8Target6Current6Gap0REC.GV-02Recovery capability1.6.3; 5.2.8Target6Current6Gap0REC.GV-03Stakeholder engagement framework1.6.3; 5.2.8Target6Current6Gap0REC.RP-01Recovery strategies and plans1.6.3; 5.2.8Target6Current6Gap0REC.RP-02Recovery tooling and infrastructure5.2.8; 5.2.9Target7Current6Gap1REC.RP-03Personnel competence for recovery roles is established and…1.6.3; 2.1.3Target6Current6Gap0REC.RP-04Recovery exercises1.6.3; 5.2.8Target7Current6Gap1REC.RP-05External relationships1.6.3; 5.2.8Target6Current6Gap0REC.RO-01Recovery is initiated under defined criteria with…1.6.3; 5.2.8Target6Current6Gap0REC.RO-02Recovery leadership and cross-functional coordination are…1.6.3; 5.2.8Target6Current6Gap0REC.RO-03System, data, and service restoration are executed under…1.6.3; 5.2.8; 5.2.9Target6Current6Gap0REC.RO-04Specialty recovery scenarios1.6.3; 5.2.8; 6.1.1Target6Current6Gap0REC.RV-01Pre-recovery validation1.6.3; 5.2.9Target6Current6Gap0REC.RV-02Post-restoration integrity verification1.6.3; 5.2.8Target6Current6Gap0REC.RV-03Heightened post-recovery monitoring is maintained for a…1.6.3; 5.2.4Target6Current5Gap1REC.RC-01Internal communication1.6.3; 5.2.8Target6Current6Gap0REC.RC-02Regulatory communications during recovery1.6.3Target7Current7Gap0REC.RC-03Customer communication and service-restoration updates are…1.6.3Target6Current6Gap0REC.RC-04Supplier and third-party coordination during recovery is…1.6.3; 6.1.1Target7Current6Gap1REC.RC-05Public communication and external messaging during recovery…1.6.3Target6Current6Gap0REC.LL-01Post-recovery reviews are conducted for material recoveries…1.6.3; 5.2.8Target6Current6Gap0REC.LL-02Programme-level effectiveness1.6.3; 5.2.8Target6Current6Gap0REC.LL-03Improvement actions are tracked to closure and feed…1.6.3; 5.2.8Target7Current7Gap0APS.GV-01AppSec policies are documented1.1.1Target6Current6Gap0APS.GV-02AppSec procedures are documented1.1.1Target6Current5Gap1APS.GV-03Secure Software Development Lifecycle (SDLC) standards are…1.3.3Target6Current6Gap0APS.GV-04AppSec compliance with policies1.6.1Target6Current5Gap1APS.AM-01Applications are inventoried and classified1.3.1Target6Current6Gap0APS.AM-02Source code repositories are inventoried1.3.1; 1.5.1Target6Current6Gap0APS.AM-03Secrets are inventoried1.4.1; 1.5.1Target6Current5Gap1APS.AM-04Application data flows and integrations are documented1.3.1Target6Current6Gap0APS.DS-01Security requirements are defined for applications based on…1.3.3Target6Current5Gap1APS.DS-02Threat modeling is performed iteratively for applications…1.4.1Target7Current7Gap0APS.DS-03Security architecture reviews are performed for new…1.3.3Target6Current6Gap0APS.DS-04Privacy by design and Data Protection Impact Assessments…1.6.1Target6Current5Gap1APS.DS-05Secure design patterns and reusable security components are…1.3.3Target7Current7Gap0APS.SD-01Access control is applied to development assets1.5.1Target7Current6Gap1APS.SD-02Cryptography is applied to protect data within applications…1.4.1Target6Current5Gap1APS.SD-03Input is validated and exceptions are handled securely…1.3.3Target7Current7Gap0APS.SD-04Security is addressed from the start of development (OWASP…1.3.3Target7Current6Gap1APS.SD-05Configurations are secure by default (OWASP C5) OWASP Top…1.3.3Target7Current7Gap0APS.SD-06Components are kept secure (OWASP C6) OWASP Top 10…1.3.3; 5.2.1Target7Current7Gap0APS.SD-07Digital identities are secured (OWASP C7) OWASP Top 10…1.5.1Target6Current5Gap1APS.SD-08Browser security features are leveraged (OWASP C8) OWASP…1.3.3Target6Current6Gap0APS.SD-09Security logging and monitoring are implemented (OWASP C9)…1.5.1Target6Current6Gap0APS.SD-10Server-side request forgery is prevented (OWASP C10) OWASP…1.3.3Target6Current6Gap0APS.SD-11Secrets are sourced from secure secrets management1.4.1; 1.5.1Target6Current6Gap0APS.SD-12Secure coding standards are documented and applied1.3.3Target6Current6Gap0APS.SC-01Third-party components and dependencies are inventoried and…1.3.1; 5.2.1Target7Current6Gap1APS.SC-02Third-party component selection follows defined security…5.2.1Target6Current5Gap1APS.SC-03Build pipeline and deployment infrastructure integrity and…1.3.3; 1.5.1Target7Current5Gap2APS.SC-04Container images and registries are managed for security…1.3.3Target6Current5Gap1APS.VM-01Application code testing is performed1.3.3Target7Current6Gap1APS.VM-02Application runtime testing is performed1.3.3Target6Current5Gap1APS.VM-03Infrastructure-as-Code (IaC) security scanning is performed1.3.3Target6Current5Gap1APS.VM-04Penetration testing is performed for in-scope applications1.3.3; 1.6.1Target6Current6Gap0APS.VM-05Application vulnerabilities are tracked1.3.3Target6Current6Gap0APS.VM-06Bug bounty or coordinated vulnerability disclosure is…1.3.3Target6Current6Gap0APS.OP-01Application release and deployment processes apply secure…1.3.3Target7Current6Gap1APS.OP-02Runtime application protection is applied where appropriate1.5.1Target6Current6Gap0APS.OP-03AppSec incident response procedures are documented and…1.6.1Target6Current5Gap1APS.OP-04Application BCP / DR procedures are documented and…1.3.3Target6Current6Gap0APS.OP-05Application decommissioning and end-of-life procedures…1.3.3; 1.3.4Target7Current7Gap0APS.TA-01AppSec training is provided to development2.1.1Target6Current5Gap1APS.TA-02A Security Champion programme is operated to designate1.2.1; 2.1.1Target6Current5Gap1AIT.GV-01Third-Party AI policies are documented1.1.1Target6Current6Gap0AIT.GV-02Third-Party AI procedures are documented1.1.1Target6Current6Gap0AIT.GV-03Vendor responsibility framework5.2.1Target6Current6Gap0AIT.GV-04Third-Party AI compliance with policies1.6.1Target6Current5Gap1AIT.VR-01Third-party AI vendors are evaluated against the Vendor…5.2.1Target6Current6Gap0AIT.VR-02Information security requirements are included in…5.2.2Target7Current7Gap0AIT.VR-03Vendor sub-processors and AI supply chain are identified…5.2.3Target6Current6Gap0AIT.VR-04Vendor security and ethical posture is reassessed at…5.2.3Target6Current6Gap0AIT.AM-01Third-party AI tools and services are inventoried1.3.1Target6Current4Gap2AIT.AM-02Third-party AI assets are classified and tagged with AI…1.3.2Target6Current4Gap2AIT.AM-03Shadow AI — unauthorised third-party AI use — is detected…1.5.1Target6Current4Gap2AIT.AM-04Embedded AI capabilities within existing SaaS suppliers are…5.2.3Target6Current4Gap2AIT.AG-01Agentic AI tool authorisation scope is documented and…1.5.1Target6Current6Gap0AIT.AG-02Human-in-the-loop authorisation is applied to sensitive…1.5.1Target6Current4Gap2AIT.AG-03Agentic AI activity is logged at action granularity1.5.1Target7Current5Gap2AIT.AG-04Agentic AI prompt injection1.5.1Target6Current6Gap0AIT.AG-05Agentic AI vendor selection follows elevated criteria5.2.1Target7Current5Gap2AIT.AG-06Emergency suspension and revocation capability for…1.6.1Target7Current1Gap6AIT.US-01Approved third-party AI tools1.5.1Target6Current5Gap1AIT.US-02Data exposure to third-party AI tools is governed per AI…1.3.2; 1.5.1Target7Current6Gap1AIT.US-03AI tool output handling and verification requirements are…1.3.3Target6Current6Gap0AIT.US-04Personal and company account separation is enforced for…1.5.1Target6Current6Gap0AIT.MO-01Third-party AI usage telemetry is collected and analysed1.5.1Target6Current6Gap0AIT.MO-02Third-party AI provider security posture5.2.3Target6Current5Gap1AIT.MO-03Vendor business, ethical, and regulatory changes are…5.2.3; 1.6.1Target7Current7Gap0AIT.MO-04Anomalous usage patterns and abuse indicators are detected1.5.1Target6Current6Gap0AIT.IR-01Third-party AI-specific incident response playbooks are…1.6.1Target6Current6Gap0AIT.IR-02Third-party AI incidents are escalated and managed per the…1.6.1Target6Current5Gap1AIT.IR-03Vendor-initiated breach and security notifications are…5.2.3Target7Current7Gap0AIT.RT-01Third-party AI tool retirement is performed when approval…5.2.4Target7Current6Gap1AIT.RT-02Data return, deletion, and account closure are verified at…5.2.4Target7Current7Gap0AIT.RT-03Retirement outcomes inform Vendor Responsibility Framework…1.6.1Target6Current5Gap1AII.GV-01AI security policies are documented1.1.1Target6Current6Gap0AII.GV-02AI security procedures are documented1.1.1Target6Current6Gap0AII.GV-03Secure AI Development Lifecycle (AI SDLC) standards are…1.3.3Target6Current6Gap0AII.GV-04AI security compliance with policies1.6.1Target6Current5Gap1AII.AM-01In-house AI systems are inventoried and classified1.3.1Target6Current5Gap1AII.AM-02AI models and model artifacts are inventoried1.3.1; 1.5.1Target6Current6Gap0AII.AM-03Training datasets and AI data assets are inventoried1.3.1Target6Current5Gap1AII.AM-04System prompts and AI instructions are inventoried1.3.1Target6Current3Gap3AII.AM-05AI data flows and integrations are documented1.3.1Target6Current5Gap1AII.DS-01AI security requirements are defined based on AI risk and…1.3.3Target7Current6Gap1AII.DS-02AI threat modeling is performed iteratively for AI systems…1.4.1Target6Current6Gap0AII.DS-03Security architecture reviews are performed for new AI…1.3.3Target7Current6Gap1AII.DS-04Privacy by Design and Data Protection Impact Assessments…1.6.1Target7Current7Gap0AII.DS-05Secure AI design patterns and reusable security components…1.3.3Target6Current6Gap0AII.SD-01Training data security and integrity controls are applied1.3.2; 1.4.1Target7Current6Gap1AII.SD-02Model training and fine-tuning security controls are…1.3.3; 1.5.1Target6Current6Gap0AII.SD-03System prompts and AI instructions are developed and…1.3.3Target6Current6Gap0AII.SD-04Inference input validation and output handling are applied1.3.3Target6Current6Gap0AII.SD-05Model artifact integrity and safe loading controls are…1.4.1Target7Current7Gap0AII.SD-06ML pipeline security controls are applied1.3.3; 1.5.1Target6Current6Gap0AII.SD-07Adversarial robustness defences are implemented where…1.3.3Target6Current6Gap0AII.SD-08AI-specific secrets and credentials are managed1.4.1; 1.5.1Target6Current6Gap0AII.SD-09Secure AI coding standards and code review are applied1.3.3Target6Current5Gap1AII.SC-01AI components, models, and dependencies are inventoried and…1.3.1Target7Current6Gap1AII.SC-02Base model and pre-trained model selection follows defined…5.2.1Target6Current6Gap0AII.SC-03Training dataset provenance and licensing are verified…1.3.1; 5.2.1Target6Current5Gap1AII.SC-04AI build pipeline and ML infrastructure integrity are…1.3.3; 1.5.1Target6Current6Gap0AII.VM-01AI code and component testing is performed1.3.3Target6Current6Gap0AII.VM-02AI runtime testing is performed1.3.3Target7Current7Gap0AII.VM-03AI red teaming is performed for in-scope AI systems1.3.3; 1.6.1Target6Current6Gap0AII.VM-04AI vulnerabilities are tracked1.3.3Target6Current5Gap1AII.VM-05AI bug bounty or coordinated vulnerability disclosure is…1.3.3Target6Current6Gap0AII.VM-06A versioned security evaluation suite gates promotion of AI…1.3.3Target7Current2Gap5AII.OP-01AI release and deployment processes apply secure release…1.3.3Target6Current6Gap0AII.OP-02Runtime AI protection is applied1.5.1Target6Current6Gap0AII.OP-03AI systems are monitored1.5.1Target7Current6Gap1AII.OP-04AI incident response procedures are documented and…1.6.1Target7Current7Gap0AII.OP-05AI system BCP / DR procedures are documented and maintained1.3.3Target6Current6Gap0AII.OP-06AI system decommissioning and end-of-life procedures…1.3.3; 1.3.4Target6Current5Gap1AII.AG-01Agent authorisation scope is documented and enforced1.5.1Target6Current4Gap2AII.AG-02Human-in-the-loop authorisation is applied to sensitive…1.5.1Target6Current5Gap1AII.AG-03Agent activity is logged at action granularity1.5.1Target7Current7Gap0AII.AG-04Agent defences against prompt injection1.5.1Target6Current5Gap1AII.AG-05Agent frameworks, orchestration, and MCP implementations…1.3.3Target7Current7Gap0AII.AG-06Emergency suspension and revocation capability for in-house…1.6.1Target7Current1Gap6AII.TA-01AI security training is provided to AI development2.1.1Target6Current6Gap0AII.TA-02An AI Security Champion programme is operated to designate1.2.1; 2.1.1Target6Current5Gap1AII.US-01Approved in-house AI tools and use cases are defined and…1.5.1Target6Current5Gap1AII.US-02Data exposure to in-house AI tools is governed per AI…1.3.2; 1.5.1Target6Current5Gap1AII.US-03AI tool output handling and verification requirements are…1.3.3Target6Current6Gap0AII.US-04Authentication and account hygiene for in-house AI tools is…1.5.1Target6Current5Gap1

Forecast

Where the ISMS is heading versus committed Target dates. Answers “are we going to make it on time, and where do we need to accelerate?”

On track. Projected to reach Target maturity by Q4 2026 — on or ahead of commitment (Q1 2027).
Committed Target Date
Q1 2027
2027-03-31
Projected Target Date
Q4 2026
2026-11-10
Slip / Lead
+1.3 q
ahead
% Controls on Track
83%
284 of 341
Quarterly Velocity
+0.28
ISMS avg / quarter

Per-Domain Trajectory

Each Domain’s current trajectory against its committed Target date. Slipping or Stagnant Domains drag the company-wide projection.

GOVGovern
On Track
5.79 → 6.05
Projected: Q3 2026
Committed: Q4 2026 (placeholder)
IDEIdentify
Watch
5.76 → 6.24
Projected: Q1 2027
Committed: Q4 2026 (placeholder)
PROProtect
On Track
5.74 → 6.20
Projected: Q4 2026
Committed: Q1 2027 (placeholder)
DETDetect
On Track
6.08 → 6.27
Projected: Q3 2026
Committed: Q3 2026 (placeholder)
RESRespond
On Track
6.12 → 6.23
Projected: Q3 2026
Committed: Q3 2026 (placeholder)
RECRecover
On Track
6.04 → 6.22
Projected: Q3 2026
Committed: Q4 2026 (placeholder)
APSAppSec
On Track
5.79 → 6.29
Projected: Q4 2026
Committed: Q1 2027 (placeholder)
AITAI Third Party
On Track
5.44 → 6.28
Projected: Q2 2027
Committed: Q2 2027 (placeholder)
AIIAI Internally Developed
On Track
5.48 → 6.25
Projected: Q3 2027
Committed: Q3 2027 (placeholder)

Action Lists

Top 5 in each category — the levers to keep ISMS on commitment.

Improving 10

AIT.AG-06Emergency suspension and revocation capability for…+3 growth, gap 6
AII.AG-06Emergency suspension and revocation capability for in-house…+3 growth, gap 6
AII.VM-06A versioned security evaluation suite gates promotion of AI…+3 growth, gap 5
AII.OP-07AI-generated content transparency and provenance…+2 growth, gap 5
GOV.RR-08A cross-functional AI governance forum is established with…+2 growth, gap 4
IDE.ES-04Brand-related external exposure+2 growth, gap 2
PRO.NS-02Network segmentation isolates environments+2 growth, gap 2
PRO.EP-03Mobile device management is applied to company-managed and…+2 growth, gap 2
PRO.IR-03Environmental threats+2 growth, gap 2
PRO.IR-07Infrastructure capacity and resource adequacy are monitored+2 growth, gap 2

Need Acceleration 10

IDE.AM-07Asset integrationsneeds +1.00/q (req 1.00, pace 0.00)
IDE.TM-02External and internal threat intelligence is collected from…needs +1.00/q (req 1.00, pace 0.00)
IDE.TM-04AI-specific threat intelligence sourcesneeds +1.00/q (req 1.00, pace 0.00)
IDE.TM-05Threat intelligence outputs are disseminated to risk…needs +1.00/q (req 1.00, pace 0.00)
DET.GV-02Detection capabilityneeds +1.00/q (req 1.00, pace 0.00)
DET.CM-02Endpoint and identity monitoring captures EDRneeds +1.00/q (req 1.00, pace 0.00)
RES.PR-01Incident response plans and playbooksneeds +1.00/q (req 1.00, pace 0.00)
RES.AN-04Threat actor attribution is assessed where evidence…needs +1.00/q (req 1.00, pace 0.00)
PRO.TA-04Phishing and social engineering simulation programmes are…needs +0.67/q (req 0.67, pace 0.00)
APS.SC-03Build pipeline and deployment infrastructure integrity and…needs +0.67/q (req 0.67, pace 0.00)

Slipping (no movement) 10

AIT.AG-05Agentic AI vendor selection follows elevated criteriagap 2, zero movement
AIT.AM-01Third-party AI tools and services are inventoriedgap 2, zero movement
AIT.AM-02Third-party AI assets are classified and tagged with AI…gap 2, zero movement
APS.SC-03Build pipeline and deployment infrastructure integrity and…gap 2, zero movement
IDE.AM-07Asset integrationsgap 2, zero movement
IDE.TM-02External and internal threat intelligence is collected from…gap 2, zero movement
IDE.TM-04AI-specific threat intelligence sourcesgap 2, zero movement
IDE.TM-05Threat intelligence outputs are disseminated to risk…gap 2, zero movement
PRO.TA-04Phishing and social engineering simulation programmes are…gap 2, zero movement
AII.AG-02Human-in-the-loop authorisation is applied to sensitive…gap 1, zero movement

All Forecast-Below-Target Controls

All Controls Forecast Below Target 81 — click to expand
ID
Statement
Evidence
Target
Current
Gap
Forecast
Growth
F Gap
Emergency suspension and revocation capability for in-house…
2
7
1
6
4
3
3
Emergency suspension and revocation capability for…
2
7
1
6
4
3
3
AI-generated content transparency and provenance…
2
6
1
5
3
2
3
A versioned security evaluation suite gates promotion of AI…
2
7
2
5
5
3
2
A cross-functional AI governance forum is established with…
2
6
2
4
4
2
2
System prompts and AI instructions are inventoried
4
6
3
3
4
1
2
Agentic AI vendor selection follows elevated criteria
4
7
5
2
5
0
2
Third-party AI tools and services are inventoried
4
6
4
2
4
0
2
Third-party AI assets are classified and tagged with AI…
4
6
4
2
4
0
2
Build pipeline and deployment infrastructure integrity and…
2
7
5
2
5
0
2
Asset integrations
4
6
4
2
4
0
2
External and internal threat intelligence is collected from…
2
6
4
2
4
0
2
AI-specific threat intelligence sources
2
6
4
2
4
0
2
Threat intelligence outputs are disseminated to risk…
2
7
5
2
5
0
2
Phishing and social engineering simulation programmes are…
1
6
4
2
4
0
2
Segregation of duties for security-sensitive activities is…
4
6
5
1
4
-1
2
General information security training is provided to all…
1
6
5
1
4
-1
2
Secure Software Development Lifecycle (SDLC) standards are…
4
6
6
0
4
-2
2
Per-Control maturity is scored against the Company's…
1
7
7
0
5
-2
2
Information security leadership
4
6
6
0
4
-2
2
Agentic AI activity is logged at action granularity
4
7
5
2
6
1
1
Shadow AI — unauthorised third-party AI use — is detected…
4
6
4
2
5
1
1
Embedded AI capabilities within existing SaaS suppliers are…
4
6
4
2
5
1
1
Training effectiveness is measured
1
6
4
2
5
1
1
Human-in-the-loop authorisation is applied to sensitive…
2
6
5
1
5
0
1
Agent defences against prompt injection
1
6
5
1
5
0
1
In-house AI systems are inventoried and classified
4
6
5
1
5
0
1
Training datasets and AI data assets are inventoried
4
6
5
1
5
0
1
AI data flows and integrations are documented
4
6
5
1
5
0
1
AI security compliance with policies
4
6
5
1
5
0
1
An AI Security Champion programme is operated to designate
1
6
5
1
5
0
1
Approved in-house AI tools and use cases are defined and…
1
6
5
1
5
0
1
Authentication and account hygiene for in-house AI tools is…
1
6
5
1
5
0
1
AI vulnerabilities are tracked
4
6
5
1
5
0
1
Third-Party AI compliance with policies
4
6
5
1
5
0
1
Third-party AI tool retirement is performed when approval…
1
7
6
1
6
0
1
Approved third-party AI tools
4
6
5
1
5
0
1
Data exposure to third-party AI tools is governed per AI…
4
7
6
1
6
0
1
Security requirements are defined for applications based on…
4
6
5
1
5
0
1
AppSec procedures are documented
4
6
5
1
5
0
1
AppSec compliance with policies
4
6
5
1
5
0
1
Third-party components and dependencies are inventoried and…
4
7
6
1
6
0
1
Access control is applied to development assets
4
7
6
1
6
0
1
AppSec training is provided to development
1
6
5
1
5
0
1
A Security Champion programme is operated to designate
1
6
5
1
5
0
1
Application runtime testing is performed
2
6
5
1
5
0
1
Endpoint and identity monitoring captures EDR
4
7
6
1
6
0
1
Detection capability
4
6
5
1
5
0
1
Independent reviews of information security are conducted…
1
6
5
1
5
0
1
Intellectual property rights
4
6
5
1
5
0
1
Board of Directors and Executive Team are updated on…
2
6
5
1
5
0
1
Continual improvement of the ISMS is governed through…
2
7
6
1
6
0
1
Personnel onboarding
4
6
5
1
5
0
1
Service assets — including domain management, cloud…
4
6
5
1
5
0
1
Application assets
4
6
5
1
5
0
1
Personal data and special-category data are identified
4
6
5
1
5
0
1
Data flows across the asset estate
4
6
5
1
5
0
1
Data discovery activities are performed to detect…
4
6
5
1
5
0
1
Internet-exposed assets
4
7
6
1
6
0
1
Project-level, change-level, and onboarding-level risk…
2
6
5
1
5
0
1
Access is granted on the principles of least privilege and…
4
6
5
1
5
0
1
Privileged access is governed under additional safeguards
4
6
5
1
5
0
1
Authentication credentials
4
7
6
1
6
0
1
Data handling requirements per classification
4
6
5
1
5
0
1
Endpoint lifecycle
2
7
6
1
6
0
1
Cloud platform and SaaS configurations are governed under…
4
6
5
1
5
0
1
Role-specific information security training is provided to…
1
6
5
1
5
0
1
Vulnerability exceptions are formally requested
1
7
6
1
6
0
1
Threat actor attribution is assessed where evidence…
2
7
6
1
6
0
1
Incident response plans and playbooks
4
6
5
1
5
0
1
Hunts are informed by threat intelligence per IDE.TM
1
6
6
0
5
-1
1
Internal audit programme for the ISMS is established with…
1
6
6
0
5
-1
1
Audit findings, observations, and recommendations are…
1
6
6
0
5
-1
1
Exceptions to information security policies are formally…
4
6
6
0
5
-1
1
Information security resourcing requirements
2
6
6
0
5
-1
1
Competence requirements for information security personnel…
2
6
6
0
5
-1
1
External expertise
2
6
6
0
5
-1
1
Information security roles and responsibilities for Company…
4
6
6
0
5
-1
1
Personnel screening commensurate with role sensitivity is…
4
6
6
0
5
-1
1
Confidentiality and non-disclosure obligations are…
4
6
6
0
5
-1
1
Forensic analysis and evidence handling are performed under…
4
6
6
0
5
-1
1

ISMS Control Library v4.3.4

Updated 6 June 2026

Healthy Watch Attention
Description: Organisational context for the Information Security Management System — internal and external issues, stakeholders, scope, and critical dependencies — is defined, documented, and maintained
Description: Legal, statutory, regulatory, and contractual obligations bearing on information security are identified, maintained in a structured register, and reflected in the ISMS
Description: Information security risk is identified, assessed, treated, monitored, and reported under a defined methodology aligned with enterprise risk management
Description: Information security accountabilities, responsibilities, segregation of duties, and workforce conduct expectations are defined, communicated, and enforced across all personnel categories
Description: Information security policies, standards, and procedures are structured under a defined architecture, lifecycle, and exception management process
Description: Resources, budget, and personnel competence required to operate the ISMS are determined, secured, and maintained
Description: ISMS performance is monitored, evaluated, reported to leadership, reviewed by management, and continually improved, with per-Control maturity scoring as a structural performance indicator
Description: Independent assurance over the ISMS is provided through internal audits, external audits and certifications, and structured tracking of findings
Description: Technology assets — services, applications, network, and endpoints — are inventoried, classified, related to one another, and managed throughout their lifecycle
Description: Data assets and their processing activities are inventoried, classified, mapped across the asset estate, and maintained to support data protection, regulatory compliance, and operational decisions
Description: Critical business functions, crown-jewel assets, and business impact tolerances are identified, documented, and maintained to inform protection, detection, response, and recovery priorities
Description: The Company's external attack surface — internet-exposed assets, public-facing footprint, and brand-related external exposure — is discovered, inventoried, monitored, and reduced where appropriate
Description: Information security risks are identified, analysed for likelihood and impact, recorded, and handed off into the risk management process for treatment decisioning
Description: The threat landscape relevant to the Company is monitored, intelligence is collected and analysed from internal and external sources, and threat insights are disseminated to inform risk, control, and incident decisions
Description: Suppliers and other third parties are identified, categorised, due-diligenced, contractually bound, monitored, and offboarded under a defined supply chain risk management process
Description: Identities, authentication, and access to Company systems, applications, and data are governed and enforced under defined policies, with privileged access subject to additional safeguards
Description: Data is protected throughout its lifecycle through classification-driven handling, encryption, leakage prevention, masking, retention, secure disposal, and backup
Description: Cryptographic capabilities — algorithms, keys, certificates, and supporting infrastructure — are governed, applied to defined standards, and maintained against evolving threats including post-quantum risks
Description: Operating systems, cloud platforms, and supporting infrastructure are securely configured, hardened against defined baselines, and protected from unauthorised software and configuration drift
Description: Network access, segmentation, perimeter, supporting services, and messaging channels are designed and operated to limit unauthorised connectivity and contain compromise&#10;&#10;
Description: Email, messaging, and collaboration platforms are protected against inbound threats, secured through protocol-level authenticity safeguards, governed under platform baselines, and monitored for impersonation and brand abuse
Description: Endpoint devices — company-managed workstations, mobile devices, and where applicable BYOD — are protected, monitored, and securely configured throughout their lifecycle
Description: Facilities, environmental threats, workplace safeguards, infrastructure capacity, and resilience mechanisms protect Company assets and operations from physical, environmental, and availability risks
Description: Vulnerabilities across infrastructure, platforms, and supporting systems are discovered, prioritised, remediated, and tracked through to closure
Description: Personnel receive information security training and ongoing awareness commensurate with role and risk, with effectiveness measured and improved
Description: Detection policy, programme governance, capability sourcing, coverage measurement, and effectiveness testing are documented, communicated, and maintained
Description: Log generation, collection, retention, and integrity protection are governed to provide the foundation for monitoring, analysis, and forensic investigation
Description: Security-relevant signals from across the asset estate are continuously monitored to detect threats, anomalies, and policy violations
Description: Detection content — rules, signatures, queries, and use cases — is developed, tested, deployed, and maintained under defined engineering practices
Description: Alerts and events are triaged, correlated, investigated, and escalated to incident response under defined processes and service levels
Description: Proactive threat hunting is performed to detect threats that bypass automated detection, informed by threat intelligence and TTP coverage gaps
Description: Information security Incident response policy, programme governance, capability sourcing, and stakeholder engagement framework are documented, communicated, and maintained
Description: Incident response plans, tooling, competence, exercises, and external relationships are established and maintained to ensure operational readiness
Description: Incidents are declared, led, contained, eradicated, and handed off to recovery under defined procedures and service levels
Description: Forensic analysis, scope and impact determination, root cause analysis, and attribution support response decisions and post-incident learning
Description: Internal, regulatory, customer, supplier, and public communications during incidents are governed under defined processes, timeframes, and approval controls
Description: Post-incident reviews, programme effectiveness assessment, and improvement actions are governed to drive continual improvement across the framework
Description: Recovery policy, programme governance, capability sourcing, and stakeholder engagement framework are documented, communicated, and maintained
Description: Recovery strategies, plans, tooling, competence, exercises, and external relationships are established and maintained to ensure operational readiness
Description: Recovery is initiated, led, executed, and completed under defined procedures with prioritised sequencing per IDE.BI
Description: Backups, restored systems, and recovered services are validated for integrity, function, and absence of residual threat before normal operations resume
Description: Internal, regulatory, customer, supplier, and public communications during and after recovery are governed under defined processes, timeframes, and approval controls
Description: Post-recovery reviews, programme effectiveness assessment, and improvement actions are governed to drive continual improvement
Description: Application security governance — policies, procedures, standards, and compliance reviews — is established, maintained, and aligned with the organization's risk strategy
Description: Application assets — applications, source code repositories, secrets, and data flows — are identified and managed consistent with the organization's risk strategy
Description: Application security is established during design through requirements definition, threat modeling, architecture review, privacy assessment, and use of secure design patterns
Description: Applications are developed and built using practices, standards, and controls that prevent introduction of common security defects and align with recognized industry guidance
Description: The software supply chain — third-party components, build pipelines, deployment infrastructure, and container artifacts — is inventoried, secured, and assured for integrity
Description: Application security is verified through testing, and identified vulnerabilities are tracked, prioritized, and addressed
Description: Application security is maintained in production through secure release, runtime protection, incident response, recovery planning, and secure decommissioning
Description: Personnel involved in application development and operations are provided training and supported by a security champion network to perform their application security responsibilities
Description: Third-party AI governance — policies, procedures, vendor responsibility framework, and compliance reviews — is established, maintained, and aligned with the company's security, ethical, and regulatory posture
Description: Third-party AI vendors are evaluated, contracted, and reassessed against the Vendor Responsibility Framework across security, ethical, social, and regulatory dimensions
Description: Third-party AI tools, services, and embedded AI capabilities are inventoried, classified, and tagged with AI Exposure Designation and EU AI Act risk tier
Description: Agentic AI tools — autonomous, multi-step, tool-using AI systems — are governed under elevated security, authorisation, and accountability controls reflecting their higher risk profile
Description: Internal use of approved third-party AI tools is governed across data exposure, output handling, account hygiene, and acceptable use
Description: Third-party AI usage, provider posture, and abuse patterns are monitored to detect adverse events and material changes
Description: Third-party AI–specific security incidents are managed through dedicated playbooks integrated with the master Incident Management process
Description: Third-party AI tool retirement is performed when approval is rescinded, contract ends, or material adverse changes warrant discontinuation, with verified data return, account closure, and lessons learned
Description: Internally developed AI security governance — policies, procedures, secure AI development lifecycle standards, and compliance reviews — is established, maintained, and aligned with the company's security and regulatory posture
Description: Internally developed AI systems and their constituent assets — models, training datasets, system prompts, and data flows — are inventoried, classified, and managed
Description: AI security is established during AI system design through requirements definition, AI-specific threat modeling, architecture review, privacy and fundamental-rights impact assessment, and use of secure AI design patterns.
Description: AI systems are developed and built using practices, standards, and controls that prevent introduction of AI-specific security defects and align with recognized industry guidance
Description: The AI supply chain — third-party AI components, base models, training datasets, build pipelines, and ML infrastructure — is inventoried, secured, and assured for integrity
Description: AI system security is verified through code, runtime, and red-team testing, and identified vulnerabilities are tracked, prioritized, and addressed
Description: AI system security is maintained in production through secure release, runtime protection, AI-specific monitoring, incident response, recovery planning, and secure decommissioning
Description: Internally developed agentic AI systems — autonomous, multi-step, tool-using AI built or substantially adapted by the company — are governed under elevated security, authorisation, and accountability controls reflecting their higher risk profile
Description: Personnel involved in AI development and operations are provided AI security training and supported by an AI security champion network to perform their AI security responsibilities
Description: Internal use of approved internally developed AI tools is governed across data exposure, output handling, account hygiene, and acceptable use

KPI Scoring Model

The 10-level scale, evidence anchors, aggregation rule, and target-setting guidance that determine how Controls are measured and how the Healthy / Watch / Attention thresholds are derived.

10-Level Maturity Scale with Evidence Anchors

LevelBandDescriptionEvidence Anchor
1 - AbsentInitialNo controls exist. The area is not addressed: no approach, no activity, no record. Coverage, Execution, Documentation, Reporting, and Review are all None.No process, no procedure, no records. Asked about the control, the answer is "we don't do this" or "we haven't started".
2 - Ad Hoc / InformalInitialThe control is performed only reactively or informally. Covers two real-world states sharing the same defining weakness — no systematic, documented, owned approach: (a) reactive — activity occurs on demand or in response to an incident; and/or (b) informal-but-routine — activity is performed with some regularity by individuals, but depends on those people, follows no documented process, and has no formally accountable owner. Coverage and Execution are inconsistent or person-dependent; Documentation is inconsistent or absent; Reporting and Review are absent.No documented process and no formally accountable owner. Activity is triggered by demand, incident, or individual habit rather than a defined cadence. Records (if any) live in individuals' notes, inboxes, or heads rather than a system of record. If the activity stopped because one person left, it was Level 2.
3 - PlannedDevelopingA systematic approach has been recognised, defined, and committed to, but is not yet operating. Gaps are identified; improvement is planned and resourced. Execution and Documentation remain inconsistent; Reporting and Review are not yet reliable.A documented intention exists (charter, project plan, roadmap entry) with a named owner, allocated resource, and a target date. Execution has not yet begun, or exists only as a pilot.
4 - ImplementingDevelopingThe systematic approach is being implemented. Process and tooling are partly in place and in use. Coverage and Execution are becoming consistent but are not yet complete; Documentation is consistent; Reporting and Review are still inconsistent.A documented process exists with a named owner and is in use across at least part of scope. Coverage gaps are known and tracked. Review cadence is not yet routine.
5 - ManagedEstablishedThe systematic approach is operational and maintained as business-as-usual. Required process and tools are used consistently. All five attributes are consistent.Process operates to a documented cadence across full scope. Outputs are recorded systematically. Periodic review occurs at the defined cadence. Named accountability exists with role-based backup. Owners can produce evidence on request without preparation effort.
6 - IntegratedEstablishedThe control is consciously aligned with the wider governance system and with strategic, tactical, and operational planning. It appears in roadmaps, objectives, and KPIs/OKRs with forward-looking targets — not just current-state scores. All five attributes remain consistent.Level 5 evidence plus the control appears in at least one of: (a) a current-year executive or board roadmap with a forward target; (b) a non-security business unit's planning document; or (c) a KPI/OKR with a measurable forward trajectory. The forward target must be explicitly documented, quantified, and tracked. A qualitative mention ("we plan to mature this") does not satisfy the anchor.
7 - MeasuredOptimisingThe control is actively analysed for improvement. Metrics and trend analysis are used routinely to identify weaknesses and drive change; improvement is evidence-led rather than opinion-led. All five attributes consistent.Metrics are analysed at a defined cadence. In-year improvement decisions are traceable to data findings — not opinion or audit findings alone. Trend analysis is visible in periodic reporting.
8 - OptimisingOptimisingImprovement is continuous and largely self-sustaining. The area refines its own process and tooling based on data, anticipates change rather than reacting to it, and consistently meets or beats its targets. All five attributes consistent.Process and tooling refinements occur self-directed, based on data, without an external trigger (audit, incident, regulatory pressure). The control regularly meets or exceeds its targets. There is demonstrable anticipation of change — updates ahead of regulatory change or ahead of a threat-landscape shift.
9 - InnovatingLeadingThe control extends the wider system's capability. It identifies and introduces genuinely new functionality, process, or tooling that did not previously exist — raising the ceiling for what the organisation can do, not just doing the existing thing better. All five attributes consistent.The control introduces capability that did not previously exist in the organisation — new process, new tooling, new measurement, or new linkage to a business outcome. The change is internally visible and demonstrably new, distinct from "we improved our existing X".
10 - LeadingLeadingThe control is a recognised business enabler at the external edge of practice. It unlocks new business opportunity, shapes practice beyond the organisation, and is benchmarked against — rather than benchmarking. All five attributes consistent.Externally visible artefacts required: (a) published guidance, case studies, or industry working-group leadership; (b) a formal benchmarking position — the organisation is benchmarked against by others; or (c) recognition by an industry body, regulator, or peer consensus. Level 10 is a recognition of fact, not an aspiration. If asked "are we Level 10?" and the answer involves "we think we are", it is not Level 10.

Target-Setting Guidance

Targets are set per Control. Without guidance, every Control risks being targeted at Level 8-10, which is unrealistic and dilutes the model's analytical signal. Recommended defaults by Control category:

Control categoryDefault target range
Foundational governance Controls — policy documentation, procedure documentation, administrative controls which do not require quantitative analysis for effectiveness6
Operational baseline Controls — event monitoring, identity & access, CTEM, incident response, change management, backup & recovery6-7
Controls protecting critical assets, or controls requiring more detailed analysis for effectiveness7-8
Controls underpinning unique competitive capability or where innovation is a deliberate business outcome8-9
Where innovation or external recognition is a real and resourced business outcome (not standard operations)9-10

— A target above Level 8 should be justified per Control with a written business rationale.

— Controls in general should not have a Level 9-10 Target; setting them as aspirational dilutes the model's signal and shifts focus from achievable improvement.

— Targets are reviewed at the same cadence as the maturity scoring itself.

— A regression in score (Current falls below the prior measurement) is itself a finding that warrants documented explanation — not an automatic failure.

The Five Assessment Attributes

Every level is assessed against five attributes. The overall level is governed by the weakest attribute — all five must reach a level's threshold for the Control to score at that level.

AttributeQuestion it answers
CoverageAcross what proportion of the in-scope estate does the approach apply?
ExecutionIs the activity actually performed, consistently, as defined?
DocumentationIs the approach and its output recorded in a system of record?
ReportingAre results surfaced to those who need them, on a cadence?
ReviewIs the approach periodically examined and improved?

Scoring Protocol — Decision Tree

To make scoring repeatable across assessors, determine the level by answering gate questions in sequence and stopping at the first “no”. The level is the highest band for which all gates are satisfied. Score the five attributes individually first, then apply the gates — the attribute-level data is more diagnostic than the final number.

Step 1Establish the floor
Does any approach, activity, or record exist at all?No → Level 1
Is the activity performed only reactively or informally, with no documented process and no accountable owner?Yes → Level 2
Step 2Test the Developing band
Documented, owned, resourced intention, but the process is not yet operating across scope?Yes → Level 3
Documented process in use across part of scope; Documentation consistent; Review not yet routine?Yes → Level 4
Step 3Test the Established gate (pivotal threshold)

All six checks must be true to reach Level 5. Any box unchecked → the Control stays at Level 4, regardless of how advanced other attributes are.

Process operates to a documented cadence across full scope (Coverage consistent)L5 gate
Activity performed consistently as defined (Execution consistent)L5 gate
Outputs recorded in a system of record (Documentation consistent)L5 gate
Results reported on a cadence (Reporting consistent)L5 gate
Periodic review occurs at the defined cadence (Review consistent)L5 gate
Evidence producible on request without preparation effortL5 gate
Step 4Test Integrated (Level 6)
Control appears in a roadmap / non-security plan / OKR with a quantified, tracked forward target?Yes → Level 6
Step 5Test Optimising (Levels 7–8)
Improvement decisions traceable to metric analysis at a defined cadence?Yes → ≥ Level 7
Refinements self-directed without external trigger and meeting/beating targets and anticipating change?All yes → Level 8
Step 6Test Leading (Levels 9–10) — exceptional
Introduced capability that did not previously exist in the organisation?Yes → ≥ Level 9
External artefacts of recognition / benchmarking (published guidance, being benchmarked against, industry or regulator recognition)?Yes → Level 10

External Crosswalk

A one-line interpretation aid so auditors, customers, and benchmarking surveys can read the scores without translation disputes. Mappings are approximate and for orientation only.

LevelBandCMMI v3.0NIST CSF 2.0 TierBaldrige Cybersecurity
Excellence Builder v1.1
COBIT 2019
1 - AbsentInitial0 Incomplete0 Incomplete
2 - Ad Hoc / InformalInitial1 InitialTier 1 (Partial)Reactive1 Initial
3 - PlannedDeveloping1-2Tier 1-2Reactive-Early2 Managed
4 - ImplementingDeveloping2 ManagedTier 2 (Risk Informed)Early2 Managed
5 - ManagedEstablished3 DefinedTier 2-3Developing3 Defined
6 - IntegratedEstablished3 DefinedTier 3 (Repeatable)Mature4 Quantitatively Managed
7 - MeasuredOptimising4 Quantitatively ManagedTier 3-4Mature-Leading4 Quantitatively Managed
8 - OptimisingOptimising5 OptimizingTier 4 (Adaptive)Leading5 Optimising
9 - InnovatingLeading(beyond model)(beyond model)Exemplary(beyond model)
10 - LeadingLeading(beyond model)(beyond model)Exemplary(beyond model)

Baldrige caps its six-level scale at Exemplary and does not distinguish novelty (Level 9) from external recognition (Level 10); both map to Exemplary. CMMI v3.0 deliberately caps at five levels, partly to avoid incentivising novelty-for-its-own-sake.