[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9499":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":965,"aliases":966,"duplicate_of":9,"upstream":967,"downstream":968,"duplicates":997,"related":998,"reserved_at":9,"published_at":1007,"modified_at":1008,"state":1009,"summary":1010,"references_raw":1019,"kevs":1067,"epss":1068,"epss_history":1071,"metrics":1334,"affected":1345},"CVE-2019-9499","The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",null,[11,660],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","weakness","Draft","Class","High",[20,182,261,265,269,273,292,481,543,627],{"id":21,"name":22,"techniques":23},"CAPEC-114","Authentication Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":184,"techniques":185},"CAPEC-115","Authentication Bypass",[186],{"id":25,"name":26,"tactics":187,"countermeasures":190},[188,189],{"id":29,"name":30},{"id":32,"name":33},[191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"id":36,"name":37,"tactic":192},{"name":39},{"id":41,"name":42,"tactic":194},{"name":39},{"id":45,"name":46,"tactic":196},{"name":39},{"id":49,"name":50,"tactic":198},{"name":39},{"id":53,"name":54,"tactic":200},{"name":56},{"id":58,"name":59,"tactic":202},{"name":56},{"id":62,"name":63,"tactic":204},{"name":56},{"id":66,"name":67,"tactic":206},{"name":56},{"id":70,"name":71,"tactic":208},{"name":56},{"id":74,"name":75,"tactic":210},{"name":56},{"id":78,"name":79,"tactic":212},{"name":56},{"id":82,"name":83,"tactic":214},{"name":56},{"id":86,"name":87,"tactic":216},{"name":56},{"id":90,"name":91,"tactic":218},{"name":93},{"id":95,"name":96,"tactic":220},{"name":93},{"id":99,"name":100,"tactic":222},{"name":102},{"id":104,"name":105,"tactic":224},{"name":107},{"id":109,"name":110,"tactic":226},{"name":107},{"id":113,"name":114,"tactic":228},{"name":107},{"id":117,"name":118,"tactic":230},{"name":107},{"id":121,"name":122,"tactic":232},{"name":124},{"id":126,"name":127,"tactic":234},{"name":124},{"id":130,"name":131,"tactic":236},{"name":124},{"id":134,"name":135,"tactic":238},{"name":124},{"id":138,"name":139,"tactic":240},{"name":124},{"id":142,"name":143,"tactic":242},{"name":145},{"id":147,"name":148,"tactic":244},{"name":145},{"id":151,"name":152,"tactic":246},{"name":145},{"id":155,"name":156,"tactic":248},{"name":145},{"id":159,"name":160,"tactic":250},{"name":145},{"id":163,"name":164,"tactic":252},{"name":145},{"id":167,"name":168,"tactic":254},{"name":145},{"id":171,"name":172,"tactic":256},{"name":145},{"id":175,"name":176,"tactic":258},{"name":145},{"id":179,"name":180,"tactic":260},{"name":145},{"id":262,"name":263,"techniques":264},"CAPEC-151","Identity Spoofing",[],{"id":266,"name":267,"techniques":268},"CAPEC-194","Fake the Source of Data",[],{"id":270,"name":271,"techniques":272},"CAPEC-22","Exploiting Trust in Client",[],{"id":274,"name":275,"techniques":276},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[277],{"id":278,"name":279,"tactics":280,"countermeasures":287},"T1040","Network Sniffing",[281,284],{"id":282,"name":283},"TA0031","Credential Access",{"id":285,"name":286},"TA0102","Discovery",[288],{"id":289,"name":290,"tactic":291},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":293,"name":294,"techniques":295},"CAPEC-593","Session Hijacking",[296,340,453],{"id":297,"name":298,"tactics":299,"countermeasures":303},"T1185","Browser Session Hijacking",[300],{"id":301,"name":302},"TA0100","Collection",[304,308,312,316,320,324,328,332,336],{"id":305,"name":306,"tactic":307},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":309,"name":310,"tactic":311},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":313,"name":314,"tactic":315},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":317,"name":318,"tactic":319},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":321,"name":322,"tactic":323},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":325,"name":326,"tactic":327},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":329,"name":330,"tactic":331},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":333,"name":334,"tactic":335},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":337,"name":338,"tactic":339},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":341,"name":342,"tactics":343,"countermeasures":348},"T1550.001","Application Access Token",[344,345],{"id":29,"name":30},{"id":346,"name":347},"TA0109","Lateral Movement",[349,353,357,359,363,365,367,369,371,373,375,377,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,437,439,443,447,451],{"id":350,"name":351,"tactic":352},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":354,"name":355,"tactic":356},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":358},{"name":56},{"id":360,"name":361,"tactic":362},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":305,"name":306,"tactic":364},{"name":56},{"id":309,"name":310,"tactic":366},{"name":56},{"id":313,"name":314,"tactic":368},{"name":56},{"id":317,"name":318,"tactic":370},{"name":56},{"id":321,"name":322,"tactic":372},{"name":56},{"id":325,"name":326,"tactic":374},{"name":56},{"id":329,"name":330,"tactic":376},{"name":56},{"id":333,"name":334,"tactic":378},{"name":56},{"id":380,"name":381,"tactic":382},"D3-PT","Process Termination",{"name":93},{"id":384,"name":385,"tactic":386},"D3-PS","Process Suspension",{"name":93},{"id":388,"name":389,"tactic":390},"D3-HR","Host Reboot",{"name":93},{"id":392,"name":393,"tactic":394},"D3-HS","Host Shutdown",{"name":93},{"id":396,"name":397,"tactic":398},"D3-CR","Credential Revocation",{"name":93},{"id":400,"name":401,"tactic":402},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":404,"name":405,"tactic":406},"D3-DUC","Decoy User Credential",{"name":102},{"id":408,"name":409,"tactic":410},"D3-CH","Credential Hardening",{"name":107},{"id":412,"name":413,"tactic":414},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":416,"name":417,"tactic":418},"D3-CRO","Credential Rotation",{"name":107},{"id":420,"name":421,"tactic":422},"D3-TB","Token Binding",{"name":107},{"id":424,"name":425,"tactic":426},"D3-TBA","Token-based Authentication",{"name":107},{"id":428,"name":429,"tactic":430},"D3-RIC","Reissue Credential",{"name":124},{"id":432,"name":433,"tactic":434},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":436},{"name":145},{"id":179,"name":180,"tactic":438},{"name":145},{"id":440,"name":441,"tactic":442},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":444,"name":445,"tactic":446},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":448,"name":449,"tactic":450},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":337,"name":338,"tactic":452},{"name":145},{"id":454,"name":455,"tactics":456,"countermeasures":458},"T1563","Remote Service Session Hijacking",[457],{"id":346,"name":347},[459,461,463,465,467,469,471,473,475,479],{"id":305,"name":306,"tactic":460},{"name":56},{"id":309,"name":310,"tactic":462},{"name":56},{"id":313,"name":314,"tactic":464},{"name":56},{"id":317,"name":318,"tactic":466},{"name":56},{"id":321,"name":322,"tactic":468},{"name":56},{"id":325,"name":326,"tactic":470},{"name":56},{"id":329,"name":330,"tactic":472},{"name":56},{"id":333,"name":334,"tactic":474},{"name":56},{"id":476,"name":477,"tactic":478},"D3-ST","Session Termination",{"name":93},{"id":337,"name":338,"tactic":480},{"name":145},{"id":482,"name":483,"techniques":484},"CAPEC-633","Token Impersonation",[485],{"id":486,"name":487,"tactics":488,"countermeasures":494},"T1134","Access Token Manipulation",[489,490,493],{"id":29,"name":30},{"id":491,"name":492},"TA0005","Stealth",{"id":32,"name":33},[495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541],{"id":36,"name":37,"tactic":496},{"name":39},{"id":49,"name":50,"tactic":498},{"name":39},{"id":41,"name":42,"tactic":500},{"name":39},{"id":53,"name":54,"tactic":502},{"name":56},{"id":58,"name":59,"tactic":504},{"name":56},{"id":360,"name":361,"tactic":506},{"name":56},{"id":74,"name":75,"tactic":508},{"name":56},{"id":86,"name":87,"tactic":510},{"name":56},{"id":476,"name":477,"tactic":512},{"name":93},{"id":396,"name":397,"tactic":514},{"name":93},{"id":400,"name":401,"tactic":516},{"name":93},{"id":404,"name":405,"tactic":518},{"name":102},{"id":408,"name":409,"tactic":520},{"name":107},{"id":412,"name":413,"tactic":522},{"name":107},{"id":416,"name":417,"tactic":524},{"name":107},{"id":420,"name":421,"tactic":526},{"name":107},{"id":424,"name":425,"tactic":528},{"name":107},{"id":121,"name":122,"tactic":530},{"name":124},{"id":428,"name":429,"tactic":532},{"name":124},{"id":142,"name":143,"tactic":534},{"name":145},{"id":448,"name":449,"tactic":536},{"name":145},{"id":171,"name":172,"tactic":538},{"name":145},{"id":175,"name":176,"tactic":540},{"name":145},{"id":179,"name":180,"tactic":542},{"name":145},{"id":544,"name":545,"techniques":546},"CAPEC-650","Upload a Web Shell to a Web Server",[547],{"id":548,"name":549,"tactics":550,"countermeasures":554},"T1505.003","Web Shell",[551],{"id":552,"name":553},"TA0110","Persistence",[555,559,563,567,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,603,605,607,609,611,613,615,617,619,621,623,625],{"id":556,"name":557,"tactic":558},"D3-NNI","Network Node Inventory",{"name":39},{"id":560,"name":561,"tactic":562},"D3-PLM","Physical Link Mapping",{"name":39},{"id":564,"name":565,"tactic":566},"D3-LLM","Logical Link Mapping",{"name":39},{"id":568,"name":569,"tactic":570},"D3-EHB","Endpoint Health Beacon",{"name":56},{"id":66,"name":67,"tactic":572},{"name":56},{"id":70,"name":71,"tactic":574},{"name":56},{"id":78,"name":79,"tactic":576},{"name":56},{"id":82,"name":83,"tactic":578},{"name":56},{"id":350,"name":351,"tactic":580},{"name":56},{"id":354,"name":355,"tactic":582},{"name":56},{"id":86,"name":87,"tactic":584},{"name":56},{"id":90,"name":91,"tactic":586},{"name":93},{"id":380,"name":381,"tactic":588},{"name":93},{"id":384,"name":385,"tactic":590},{"name":93},{"id":388,"name":389,"tactic":592},{"name":93},{"id":392,"name":393,"tactic":594},{"name":93},{"id":99,"name":100,"tactic":596},{"name":102},{"id":104,"name":105,"tactic":598},{"name":107},{"id":600,"name":601,"tactic":602},"D3-RNA","Restore Network Access",{"name":124},{"id":126,"name":127,"tactic":604},{"name":124},{"id":147,"name":148,"tactic":606},{"name":145},{"id":151,"name":152,"tactic":608},{"name":145},{"id":155,"name":156,"tactic":610},{"name":145},{"id":159,"name":160,"tactic":612},{"name":145},{"id":163,"name":164,"tactic":614},{"name":145},{"id":171,"name":172,"tactic":616},{"name":145},{"id":175,"name":176,"tactic":618},{"name":145},{"id":432,"name":433,"tactic":620},{"name":145},{"id":142,"name":143,"tactic":622},{"name":145},{"id":179,"name":180,"tactic":624},{"name":145},{"id":440,"name":441,"tactic":626},{"name":145},{"id":628,"name":629,"techniques":630},"CAPEC-94","Adversary in the Middle (AiTM)",[631],{"id":632,"name":633,"tactics":634,"countermeasures":637},"T1557","Adversary-in-the-Middle",[635,636],{"id":282,"name":283},{"id":301,"name":302},[638,640,642,644,646,648,650,652,654,658],{"id":305,"name":306,"tactic":639},{"name":56},{"id":309,"name":310,"tactic":641},{"name":56},{"id":313,"name":314,"tactic":643},{"name":56},{"id":317,"name":318,"tactic":645},{"name":56},{"id":321,"name":322,"tactic":647},{"name":56},{"id":325,"name":326,"tactic":649},{"name":56},{"id":329,"name":330,"tactic":651},{"name":56},{"id":333,"name":334,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-CAA","Connection Attempt Analysis",{"name":56},{"id":337,"name":338,"tactic":659},{"name":145},{"_key":661,"id":661,"name":662,"description":663,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":664},"CWE-346","Origin Validation Error","The product does not properly verify that the source of data or communication is valid.",[665,669,698,710,714,824,828,832,836,840,844,848,852,953,957,961],{"id":666,"name":667,"techniques":668},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":670,"name":671,"techniques":672},"CAPEC-141","Cache Poisoning",[673],{"id":674,"name":675,"tactics":676,"countermeasures":679},"T1557.002","ARP Cache Poisoning",[677,678],{"id":282,"name":283},{"id":301,"name":302},[680,682,684,686,688,690,692,694,696],{"id":305,"name":306,"tactic":681},{"name":56},{"id":309,"name":310,"tactic":683},{"name":56},{"id":313,"name":314,"tactic":685},{"name":56},{"id":317,"name":318,"tactic":687},{"name":56},{"id":321,"name":322,"tactic":689},{"name":56},{"id":325,"name":326,"tactic":691},{"name":56},{"id":329,"name":330,"tactic":693},{"name":56},{"id":333,"name":334,"tactic":695},{"name":56},{"id":337,"name":338,"tactic":697},{"name":145},{"id":699,"name":700,"techniques":701},"CAPEC-142","DNS Cache Poisoning",[702],{"id":703,"name":704,"tactics":705,"countermeasures":709},"T1584.002","DNS Server",[706],{"id":707,"name":708},"TA0042","Resource Development",[],{"id":711,"name":712,"techniques":713},"CAPEC-160","Exploit Script-Based APIs",[],{"id":715,"name":716,"techniques":717},"CAPEC-21","Exploitation of Trusted Identifiers",[718,772,800],{"id":486,"name":487,"tactics":719,"countermeasures":723},[720,721,722],{"id":29,"name":30},{"id":491,"name":492},{"id":32,"name":33},[724,726,728,730,732,734,736,738,740,742,744,746,748,750,752,754,756,758,760,762,764,766,768,770],{"id":36,"name":37,"tactic":725},{"name":39},{"id":49,"name":50,"tactic":727},{"name":39},{"id":41,"name":42,"tactic":729},{"name":39},{"id":53,"name":54,"tactic":731},{"name":56},{"id":58,"name":59,"tactic":733},{"name":56},{"id":360,"name":361,"tactic":735},{"name":56},{"id":74,"name":75,"tactic":737},{"name":56},{"id":86,"name":87,"tactic":739},{"name":56},{"id":476,"name":477,"tactic":741},{"name":93},{"id":396,"name":397,"tactic":743},{"name":93},{"id":400,"name":401,"tactic":745},{"name":93},{"id":404,"name":405,"tactic":747},{"name":102},{"id":408,"name":409,"tactic":749},{"name":107},{"id":412,"name":413,"tactic":751},{"name":107},{"id":416,"name":417,"tactic":753},{"name":107},{"id":420,"name":421,"tactic":755},{"name":107},{"id":424,"name":425,"tactic":757},{"name":107},{"id":121,"name":122,"tactic":759},{"name":124},{"id":428,"name":429,"tactic":761},{"name":124},{"id":142,"name":143,"tactic":763},{"name":145},{"id":448,"name":449,"tactic":765},{"name":145},{"id":171,"name":172,"tactic":767},{"name":145},{"id":175,"name":176,"tactic":769},{"name":145},{"id":179,"name":180,"tactic":771},{"name":145},{"id":773,"name":774,"tactics":775,"countermeasures":777},"T1528","Steal Application Access Token",[776],{"id":282,"name":283},[778,780,782,784,786,788,790,792,794,796,798],{"id":360,"name":361,"tactic":779},{"name":56},{"id":396,"name":397,"tactic":781},{"name":93},{"id":400,"name":401,"tactic":783},{"name":93},{"id":404,"name":405,"tactic":785},{"name":102},{"id":408,"name":409,"tactic":787},{"name":107},{"id":412,"name":413,"tactic":789},{"name":107},{"id":416,"name":417,"tactic":791},{"name":107},{"id":420,"name":421,"tactic":793},{"name":107},{"id":424,"name":425,"tactic":795},{"name":107},{"id":428,"name":429,"tactic":797},{"name":124},{"id":448,"name":449,"tactic":799},{"name":145},{"id":801,"name":802,"tactics":803,"countermeasures":805},"T1539","Steal Web Session Cookie",[804],{"id":282,"name":283},[806,808,810,812,814,816,818,820,822],{"id":360,"name":361,"tactic":807},{"name":56},{"id":396,"name":397,"tactic":809},{"name":93},{"id":400,"name":401,"tactic":811},{"name":93},{"id":404,"name":405,"tactic":813},{"name":102},{"id":408,"name":409,"tactic":815},{"name":107},{"id":412,"name":413,"tactic":817},{"name":107},{"id":416,"name":417,"tactic":819},{"name":107},{"id":428,"name":429,"tactic":821},{"name":124},{"id":448,"name":449,"tactic":823},{"name":145},{"id":825,"name":826,"techniques":827},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":829,"name":830,"techniques":831},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":833,"name":834,"techniques":835},"CAPEC-386","Application API Navigation Remapping",[],{"id":837,"name":838,"techniques":839},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":841,"name":842,"techniques":843},"CAPEC-388","Application API Button Hijacking",[],{"id":845,"name":846,"techniques":847},"CAPEC-510","SaaS User Request Forgery",[],{"id":849,"name":850,"techniques":851},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":853,"name":854,"techniques":855},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[856,886],{"id":857,"name":858,"tactics":859,"countermeasures":863},"T1134.001","Token Impersonation/Theft",[860,861,862],{"id":29,"name":30},{"id":491,"name":492},{"id":32,"name":33},[864,866,868,870,872,874,876,878,880,882,884],{"id":360,"name":361,"tactic":865},{"name":56},{"id":396,"name":397,"tactic":867},{"name":93},{"id":400,"name":401,"tactic":869},{"name":93},{"id":404,"name":405,"tactic":871},{"name":102},{"id":408,"name":409,"tactic":873},{"name":107},{"id":412,"name":413,"tactic":875},{"name":107},{"id":416,"name":417,"tactic":877},{"name":107},{"id":420,"name":421,"tactic":879},{"name":107},{"id":424,"name":425,"tactic":881},{"name":107},{"id":428,"name":429,"tactic":883},{"name":124},{"id":448,"name":449,"tactic":885},{"name":145},{"id":887,"name":888,"tactics":889,"countermeasures":892},"T1550.004","Web Session Cookie",[890,891],{"id":29,"name":30},{"id":346,"name":347},[893,895,897,899,901,903,905,907,909,911,913,915,917,919,921,923,925,927,929,931,933,935,937,939,941,943,945,947,949,951],{"id":305,"name":306,"tactic":894},{"name":56},{"id":309,"name":310,"tactic":896},{"name":56},{"id":313,"name":314,"tactic":898},{"name":56},{"id":317,"name":318,"tactic":900},{"name":56},{"id":321,"name":322,"tactic":902},{"name":56},{"id":325,"name":326,"tactic":904},{"name":56},{"id":329,"name":330,"tactic":906},{"name":56},{"id":333,"name":334,"tactic":908},{"name":56},{"id":350,"name":351,"tactic":910},{"name":56},{"id":354,"name":355,"tactic":912},{"name":56},{"id":86,"name":87,"tactic":914},{"name":56},{"id":360,"name":361,"tactic":916},{"name":56},{"id":380,"name":381,"tactic":918},{"name":93},{"id":384,"name":385,"tactic":920},{"name":93},{"id":388,"name":389,"tactic":922},{"name":93},{"id":392,"name":393,"tactic":924},{"name":93},{"id":396,"name":397,"tactic":926},{"name":93},{"id":400,"name":401,"tactic":928},{"name":93},{"id":404,"name":405,"tactic":930},{"name":102},{"id":408,"name":409,"tactic":932},{"name":107},{"id":412,"name":413,"tactic":934},{"name":107},{"id":416,"name":417,"tactic":936},{"name":107},{"id":428,"name":429,"tactic":938},{"name":124},{"id":337,"name":338,"tactic":940},{"name":145},{"id":432,"name":433,"tactic":942},{"name":145},{"id":142,"name":143,"tactic":944},{"name":145},{"id":179,"name":180,"tactic":946},{"name":145},{"id":440,"name":441,"tactic":948},{"name":145},{"id":444,"name":445,"tactic":950},{"name":145},{"id":448,"name":449,"tactic":952},{"name":145},{"id":954,"name":955,"techniques":956},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":958,"name":959,"techniques":960},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":962,"name":963,"techniques":964},"CAPEC-89","Pharming",[],[],[],[],[969,971,973,975,977,979,981,983,985,987,989,991,993,995],{"_key":970},"ALPINE-CVE-2019-9499",{"_key":972},"SUSE-SU-2020:3380-1",{"_key":974},"SUSE-SU-2020:3424-1",{"_key":976},"SUSE-SU-2022:1853-1",{"_key":978},"UBUNTU-CVE-2019-9499",{"_key":980},"USN-3944-1",{"_key":982},"OPENSUSE-SU-2020:0222-1",{"_key":984},"OPENSUSE-SU-2020:2053-1",{"_key":986},"OPENSUSE-SU-2020:2059-1",{"_key":988},"OPENSUSE-SU-2024:10846-1",{"_key":990},"OPENSUSE-SU-2024:11515-1",{"_key":992},"DLA-1867-1",{"_key":994},"DSA-4430-1",{"_key":996},"DEBIAN-CVE-2019-9499",[],[999,1000,1001,1002,1003,1004,1005,1006],{"_key":972},{"_key":974},{"_key":976},{"_key":982},{"_key":984},{"_key":986},{"_key":988},{"_key":990},"2019-04-17T13:31:08.000Z","2024-08-04T21:54:44.100Z","Modified",{"cisa_kev":1011,"cisa_ransomware":1011,"cisa_vendor":9,"epss_severity":1012,"epss_score":1013,"severity":1014,"severity_score":1015,"severity_version":1016,"severity_source":1017,"severity_vector":1018,"severity_status":1009},false,"low",0.00794,"high",8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[1020,1028,1033,1038,1042,1046,1051,1057,1062],{"url":1021,"sources":1022,"tags":1024},"https://w1.fi/security/2019-4/",[1023,1017],"cve.org",[1025,1026,1027],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":1029,"sources":1030,"tags":1031},"https://www.synology.com/security/advisory/Synology_SA_19_16",[1023,1017],[1025,1032],"Third Party Advisory",{"url":1034,"sources":1035,"tags":1036},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/",[1023,1017],[1027,1037],"X Refsource FEDORA",{"url":1039,"sources":1040,"tags":1041},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/",[1023,1017],[1027,1037],{"url":1043,"sources":1044,"tags":1045},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/",[1023,1017],[1027,1037],{"url":1047,"sources":1048,"tags":1049},"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc",[1023,1017],[1027,1050,1032],"X Refsource FREEBSD",{"url":1052,"sources":1053,"tags":1054},"https://seclists.org/bugtraq/2019/May/40",[1023,1017],[1055,1056,1032],"Mailing List","X Refsource BUGTRAQ",{"url":1058,"sources":1059,"tags":1060},"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html",[1023,1017],[1055,1061,1032],"X Refsource MLIST",{"url":1063,"sources":1064,"tags":1065},"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html",[1023,1017],[1027,1066,1055,1032],"X Refsource SUSE",[],{"date":1069,"score":1013,"percentile":1070},"2026-06-03",0.74287,[1072,1076,1079,1082,1085,1088,1090,1093,1095,1098,1101,1104,1107,1110,1113,1117,1120,1123,1126,1129,1131,1133,1136,1138,1141,1144,1146,1149,1153,1156,1158,1161,1164,1167,1169,1172,1175,1178,1181,1184,1187,1190,1193,1196,1199,1202,1205,1208,1211,1214,1217,1220,1223,1226,1229,1231,1233,1236,1239,1242,1245,1248,1251,1254,1257,1260,1263,1266,1268,1271,1274,1277,1280,1283,1286,1289,1291,1294,1298,1301,1304,1307,1310,1313,1316,1318,1321,1324,1326,1330],{"date":1073,"score":1074,"percentile":1075},"2025-11-04",0.01063,0.76953,{"date":1077,"score":1074,"percentile":1078},"2025-11-05",0.76952,{"date":1080,"score":1074,"percentile":1081},"2025-11-06",0.7695,{"date":1083,"score":1074,"percentile":1084},"2025-11-07",0.76964,{"date":1086,"score":1074,"percentile":1087},"2025-11-08",0.76967,{"date":1089,"score":1074,"percentile":1084},"2025-11-09",{"date":1091,"score":1074,"percentile":1092},"2025-11-10",0.76951,{"date":1094,"score":1074,"percentile":1075},"2025-11-11",{"date":1096,"score":1074,"percentile":1097},"2025-11-12",0.76971,{"date":1099,"score":1074,"percentile":1100},"2025-11-13",0.76979,{"date":1102,"score":1074,"percentile":1103},"2025-11-14",0.76987,{"date":1105,"score":1074,"percentile":1106},"2025-11-15",0.76983,{"date":1108,"score":1074,"percentile":1109},"2025-11-16",0.7698,{"date":1111,"score":1074,"percentile":1112},"2025-11-17",0.76972,{"date":1114,"score":1115,"percentile":1116},"2025-11-18",0.00747,0.70874,{"date":1118,"score":1115,"percentile":1119},"2025-11-19",0.70882,{"date":1121,"score":1115,"percentile":1122},"2025-11-20",0.70891,{"date":1124,"score":1074,"percentile":1125},"2025-11-21",0.77001,{"date":1127,"score":1074,"percentile":1128},"2025-11-22",0.77,{"date":1130,"score":1074,"percentile":1103},"2025-11-23",{"date":1132,"score":1074,"percentile":1103},"2025-11-24",{"date":1134,"score":1074,"percentile":1135},"2025-11-25",0.76993,{"date":1137,"score":1074,"percentile":1128},"2025-11-26",{"date":1139,"score":1074,"percentile":1140},"2025-11-27",0.77003,{"date":1142,"score":1074,"percentile":1143},"2025-11-28",0.76992,{"date":1145,"score":1074,"percentile":1128},"2025-11-29",{"date":1147,"score":1074,"percentile":1148},"2025-11-30",0.76998,{"date":1150,"score":1151,"percentile":1152},"2025-12-01",0.01569,0.81034,{"date":1154,"score":1151,"percentile":1155},"2025-12-02",0.81038,{"date":1157,"score":1151,"percentile":1155},"2025-12-03",{"date":1159,"score":1074,"percentile":1160},"2025-12-04",0.76994,{"date":1162,"score":1074,"percentile":1163},"2025-12-05",0.77002,{"date":1165,"score":1074,"percentile":1166},"2025-12-06",0.77006,{"date":1168,"score":1074,"percentile":1125},"2025-12-07",{"date":1170,"score":1074,"percentile":1171},"2025-12-08",0.77007,{"date":1173,"score":1074,"percentile":1174},"2025-12-09",0.77032,{"date":1176,"score":1074,"percentile":1177},"2025-12-10",0.7706,{"date":1179,"score":1074,"percentile":1180},"2025-12-11",0.77076,{"date":1182,"score":1074,"percentile":1183},"2025-12-12",0.77096,{"date":1185,"score":1074,"percentile":1186},"2025-12-13",0.77095,{"date":1188,"score":1074,"percentile":1189},"2025-12-14",0.77094,{"date":1191,"score":1074,"percentile":1192},"2025-12-15",0.77089,{"date":1194,"score":1074,"percentile":1195},"2025-12-16",0.77101,{"date":1197,"score":1074,"percentile":1198},"2025-12-17",0.77112,{"date":1200,"score":1074,"percentile":1201},"2025-12-18",0.77129,{"date":1203,"score":1074,"percentile":1204},"2025-12-19",0.7714,{"date":1206,"score":1074,"percentile":1207},"2025-12-20",0.77134,{"date":1209,"score":1074,"percentile":1210},"2025-12-21",0.77128,{"date":1212,"score":1074,"percentile":1213},"2025-12-22",0.77123,{"date":1215,"score":1074,"percentile":1216},"2025-12-23",0.77126,{"date":1218,"score":1074,"percentile":1219},"2025-12-24",0.77137,{"date":1221,"score":1074,"percentile":1222},"2025-12-25",0.77156,{"date":1224,"score":1074,"percentile":1225},"2025-12-26",0.77154,{"date":1227,"score":1074,"percentile":1228},"2025-12-27",0.77206,{"date":1230,"score":1074,"percentile":1204},"2025-12-28",{"date":1232,"score":1074,"percentile":1219},"2025-12-29",{"date":1234,"score":1074,"percentile":1235},"2025-12-30",0.77145,{"date":1237,"score":1074,"percentile":1238},"2025-12-31",0.77165,{"date":1240,"score":1151,"percentile":1241},"2026-01-01",0.81171,{"date":1243,"score":1151,"percentile":1244},"2026-01-02",0.81166,{"date":1246,"score":1151,"percentile":1247},"2026-01-03",0.81161,{"date":1249,"score":1074,"percentile":1250},"2026-01-04",0.7717,{"date":1252,"score":1074,"percentile":1253},"2026-01-05",0.77162,{"date":1255,"score":1074,"percentile":1256},"2026-01-06",0.77171,{"date":1258,"score":1074,"percentile":1259},"2026-01-07",0.77178,{"date":1261,"score":1074,"percentile":1262},"2026-01-08",0.77189,{"date":1264,"score":1074,"percentile":1265},"2026-01-09",0.77195,{"date":1267,"score":1074,"percentile":1265},"2026-01-10",{"date":1269,"score":1074,"percentile":1270},"2026-01-11",0.77188,{"date":1272,"score":1074,"percentile":1273},"2026-01-12",0.77177,{"date":1275,"score":1074,"percentile":1276},"2026-01-13",0.77175,{"date":1278,"score":1074,"percentile":1279},"2026-01-14",0.772,{"date":1281,"score":1074,"percentile":1282},"2026-01-15",0.77203,{"date":1284,"score":1074,"percentile":1285},"2026-01-16",0.77212,{"date":1287,"score":1074,"percentile":1288},"2026-01-17",0.77213,{"date":1290,"score":1074,"percentile":1228},"2026-01-18",{"date":1292,"score":1074,"percentile":1293},"2026-01-19",0.77202,{"date":1295,"score":1296,"percentile":1297},"2026-01-20",0.01092,0.77481,{"date":1299,"score":1296,"percentile":1300},"2026-01-21",0.77487,{"date":1302,"score":1296,"percentile":1303},"2026-01-22",0.77494,{"date":1305,"score":1296,"percentile":1306},"2026-01-23",0.77522,{"date":1308,"score":1296,"percentile":1309},"2026-01-24",0.77533,{"date":1311,"score":1296,"percentile":1312},"2026-01-25",0.77525,{"date":1314,"score":1296,"percentile":1315},"2026-01-26",0.7752,{"date":1317,"score":1296,"percentile":1306},"2026-01-27",{"date":1319,"score":1296,"percentile":1320},"2026-01-28",0.77526,{"date":1322,"score":1296,"percentile":1323},"2026-01-29",0.77521,{"date":1325,"score":1296,"percentile":1312},"2026-01-30",{"date":1327,"score":1328,"percentile":1329},"2026-01-31",0.01072,0.77326,{"date":1331,"score":1332,"percentile":1333},"2026-02-01",0.01581,0.81288,[1335],{"source":1017,"cvss_v2_0":1336,"cvss_v3_0":9,"cvss_v3_1":1341,"cvss_v4_0":9},{"baseScore":1337,"baseSeverity":9,"vectorString":1338,"impactScore":1339,"exploitabilityScore":1340},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":1015,"baseSeverity":1342,"vectorString":1018,"impactScore":1343,"exploitabilityScore":1344},"HIGH",9.8,5.6,[1346,1355,1365,1402,1412,1417,1424,1430,1441,1447,1454,1460,1465],{"ecosystem":9,"name":1347,"vendor":1348,"product":1349,"cpe_part":1350,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1351},"debian linux","debian","debian_linux","o",[1352],{"version":1353,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":1356,"vendor":1357,"product":1356,"cpe_part":1350,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1358},"fedora","fedoraproject",[1359,1361,1363],{"version":1360,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"28",{"version":1362,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":1364,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":1366,"vendor":1366,"product":1366,"cpe_part":1350,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1367},"freebsd",[1368,1374,1376,1378,1380,1382,1384,1386,1388,1390,1392,1394,1396,1398,1400],{"version":1369,"is_range":1370,"range_type":1354,"version_start":1371,"version_start_type":1372,"version_end":1373,"version_end_type":1372,"fixed_in":9},"gte11.0_lte11.1",true,"11.0","including","11.1",{"version":1375,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2",{"version":1377,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p13",{"version":1379,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p2",{"version":1381,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p3",{"version":1383,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p4",{"version":1385,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p5",{"version":1387,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p6",{"version":1389,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p7",{"version":1391,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p8",{"version":1393,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.2:p9",{"version":1395,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"version":1397,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p1",{"version":1399,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p2",{"version":1401,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0:p3",{"ecosystem":9,"name":1403,"vendor":1404,"product":1405,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1407},"backports sle","opensuse","backports_sle","a",[1408,1410],{"version":1409,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":1411,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0:sp1",{"ecosystem":9,"name":1413,"vendor":1404,"product":1413,"cpe_part":1350,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1414},"leap",[1415],{"version":1416,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":1418,"vendor":1419,"product":1420,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1421},"radius server","synology","radius_server",[1422],{"version":1423,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0",{"ecosystem":9,"name":1425,"vendor":1419,"product":1426,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1427},"router manager","router_manager",[1428],{"version":1429,"is_range":1011,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.2",{"ecosystem":9,"name":1431,"vendor":1432,"product":1431,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1433},"hostapd","w1.fi",[1434,1437],{"version":1435,"is_range":1370,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":1436,"version_end_type":1372,"fixed_in":9},"lte2.4","2.4",{"version":1438,"is_range":1370,"range_type":1354,"version_start":1439,"version_start_type":1372,"version_end":1440,"version_end_type":1372,"fixed_in":9},"gte2.5_lte2.7","2.5","2.7",{"ecosystem":9,"name":1442,"vendor":1432,"product":1443,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1444},"wpa supplicant","wpa_supplicant",[1445,1446],{"version":1435,"is_range":1370,"range_type":1354,"version_start":9,"version_start_type":9,"version_end":1436,"version_end_type":1372,"fixed_in":9},{"version":1438,"is_range":1370,"range_type":1354,"version_start":1439,"version_start_type":1372,"version_end":1440,"version_end_type":1372,"fixed_in":9},{"ecosystem":9,"name":1448,"vendor":1449,"product":1450,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1451},"hostapd with EAP-pwd support","wi-fi alliance","hostapd with eap-pwd support",[1452],{"version":1453,"is_range":1370,"range_type":1023,"version_start":1440,"version_start_type":1372,"version_end":1440,"version_end_type":1372,"fixed_in":9},">= 2.7, \u003C= 2.7",{"ecosystem":9,"name":1455,"vendor":1449,"product":1456,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1457},"hostapd with SAE support","hostapd with sae support",[1458],{"version":1459,"is_range":1370,"range_type":1023,"version_start":1436,"version_start_type":1372,"version_end":1436,"version_end_type":1372,"fixed_in":9},">= 2.4, \u003C= 2.4",{"ecosystem":9,"name":1461,"vendor":1449,"product":1462,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1463},"wpa_supplicant with EAP-pwd support","wpa_supplicant with eap-pwd support",[1464],{"version":1453,"is_range":1370,"range_type":1023,"version_start":1440,"version_start_type":1372,"version_end":1440,"version_end_type":1372,"fixed_in":9},{"ecosystem":9,"name":1466,"vendor":1449,"product":1467,"cpe_part":1406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1468},"wpa_supplicant with SAE support","wpa_supplicant with sae support",[1469],{"version":1459,"is_range":1370,"range_type":1023,"version_start":1436,"version_start_type":1372,"version_end":1436,"version_end_type":1372,"fixed_in":9}]