Singapore Institute of Technology
Browse

CVE Records of Known Exploited Vulnerabilities

Download (598.72 kB)
conference contribution
posted on 2023-10-17, 03:53 authored by Jackson Lim, Yi Lin Lau, Leshawn Khin Ming Chan, Jia Ming Tristan Paul Goo, Huahua Zhang, Zhiyuan Zhang, Huaqun GuoHuaqun Guo

Understanding vulnerability trends is critical to the risk management process. The goal of this paper is to raise the awareness and inform the users about the Common Vulnerabilities and Exposures (CVE) associated with Known Exploited Vulnerabilities that might affect users of the products by gathering data from the National Vulnerability Database (NVD) and CVE details from 2017 to Present. We built a system using Python and CVE Analyzer, which allow users to search for specific CVE records based on CVE ID, vendors, products, published date and the last updated date and export rows of data based on the filtered keyword. We also analyze the overall frequency of CVE records each year regarding Common Vulnerability Scoring System (CVSS) base metric trends, the vendors, and products with the most ransomware vulnerabilities. Our findings show that the frequency of all ransomware vulnerabilities increased from 2019 to 2021. Also, the number of high CVSS score of CVE records associated with ransomware is higher than those with low CVSS scores. Apple and Microsoft are the top vendors with the most exploited ransomware vulnerabilities, and IOS and Windows 10 are the products with the highest vulnerable versions by Apple and Microsoft. Our system can help users to prevent and mitigate the impact of ransomware attacks using datasets and data analysis.

Funding

SIT ignition project (No. R-IE2-A405-0002)

History

Journal/Conference/Book title

2023 8th International Conference on Computer and Communication Systems (ICCCS), 21-23 April 2023, Guangzhou, China.

Publication date

2023

Version

  • Post-print

Rights statement

Jackson Lim, Yi Lin Lau, Leshawn Khin Ming Chan, Jia Ming Tristan Paul Goo, Huahua Zhang, Zhiyuan Zhang, Huaqun Guo, "CVE Records of Known Exploited Vulnerabilities," 2023 8th International Conference on Computer and Communication Systems (ICCCS), Guangzhou, China, 2023, pp. 738-743, doi: 10.1109/ICCCS57501.2023.10150856. © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Project ID

  • 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC