{"id":124620,"date":"2022-08-21T23:32:58","date_gmt":"2022-08-22T06:32:58","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=124620"},"modified":"2022-09-06T18:12:22","modified_gmt":"2022-09-07T01:12:22","slug":"recent-exploits-network-security-trends","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/","title":{"rendered":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069"},"content":{"rendered":"<h2><a id=\"post-124620-_4lt92rr5muov\"><\/a><strong>\u6982\u8981<\/strong><\/h2>\n<p>\u6700\u8fd1\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u5229\u7528\u52d5\u5411\u3092\u89b3\u6e2c\u3057\u305f\u7d50\u679c\u3001\u3055\u307e\u3056\u307e\u306a\u8106\u5f31\u6027\u306e\u306a\u304b\u3067\u3082VMware ONE Access\u3001Identity Manager\u3001Spring Cloud Function\u3001Spring MVC\u3001Spring Web Flux\u306a\u3069\u3067\u65b0\u305f\u306b\u516c\u958b\u3055\u308c\u305f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c(RCE)\u306e\u8106\u5f31\u6027\u306e\u60aa\u7528\u304c\u7d9a\u3044\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u3063\u3066\u304d\u307e\u3057\u305f\u3002\u3053\u306e\u307b\u304b\u3001WordPress\u30b3\u30a2(\u4e3b\u8981\u6a5f\u80fd\u3092\u69cb\u6210\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u7fa4)\u306b\u5b58\u5728\u3059\u308b\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u306e\u8106\u5f31\u6027\u3084\u3001VoIPmonitor GUI\u306a\u3069\u306e\u30b5\u30fc\u30d3\u30b9\u306b\u5b58\u5728\u3059\u308bSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u3082\u3088\u304f\u5229\u7528\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411\u306e\u89b3\u6e2c\u7d50\u679c\u304b\u3089\u3001\u300c\u6982\u5ff5\u5b9f\u8a3c(PoC)\u306e\u6709\u7121\u300d\u3001\u300c\u60aa\u7528\u3055\u308c\u308b\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6\u300d\u3001\u300c\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u5bb9\u6613\u3055\u300d\u306b\u3082\u3068\u3065\u304d\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304c\u300c\u9632\u5fa1\u5074\u304c\u77e5\u3063\u3066\u304a\u304f\u3079\u304d\u6700\u65b0\u516c\u958b\u653b\u6483\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u300d\u3092\u9078\u3073\u307e\u3057\u305f\u3002<\/p>\n<p>\u307e\u305f\u3001\u6700\u3082\u3088\u304f\u4f7f\u308f\u308c\u308b\u30c6\u30af\u30cb\u30c3\u30af\u306e\u30e9\u30f3\u30ad\u30f3\u30b0\u3084\u3001\u653b\u6483\u8005\u304c\u6700\u8fd1\u597d\u3093\u3067\u3044\u308b\u8106\u5f31\u6027\u306e\u30bf\u30a4\u30d7\u306a\u3069\u3001\u9632\u5fa1\u306b\u5f79\u7acb\u3064\u77e5\u898b\u3092\u5171\u6709\u3057\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001\u300c\u65b0\u305f\u306b\u516c\u8868\u3055\u308c\u305f6,000\u4ef6\u306e\u8106\u5f31\u6027\u306e\u306a\u304b\u3067\u3082\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u304c\u591a\u3044(\u7d0413.3%)\u300d\u3068\u3044\u3046\u6d1e\u5bdf\u304c\u5f97\u3089\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u306f\u3001\u300c\u9632\u5fa1\u5074\u306f\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u9762\u3057\u305f\u6a5f\u5668\u5168\u822c\u306b\u3064\u3044\u3066XSS\u8efd\u6e1b\u306e\u305f\u3081\u306b\u6700\u5584\u306e\u7b56\u3092\u691c\u8a0e\u3059\u3079\u304d\u3067\u3042\u308b\u300d\u3068\u3044\u3046\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u307b\u304b\u30019,300\u4e07\u4ef6\u4ee5\u4e0a\u306e\u653b\u6483\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u8a55\u4fa1\u3057\u305f\u7d50\u679c\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u3001\u60c5\u5831\u6f0f\u3048\u3044\u306a\u3069\u304c\u4e3b\u306a\u6ce8\u76ee\u30dd\u30a4\u30f3\u30c8\u3067\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u79c1\u305f\u3061\u306f\u3055\u3089\u306b\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a>\u304b\u3089\u53ce\u96c6\u3057\u305f\u5b9f\u30c7\u30fc\u30bf\u306b\u3082\u3068\u3065\u304d\u3001\u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u304c\u3069\u306e\u3088\u3046\u306a\u304b\u305f\u3061\u3067\u6d3b\u767a\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u304b\u306b\u95a2\u3059\u308b\u6d1e\u5bdf\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001\u6700\u3082\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u8106\u5f31\u6027\u304c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u901a\u3058\u3066\u3069\u306e\u304f\u3089\u3044\u306e\u983b\u5ea6\u3067\u653b\u6483\u306b\u5229\u7528\u3055\u308c\u3066\u3044\u308b\u304b\u3001\u307e\u305f\u3001\u305d\u306e\u653b\u6483\u304c\u3069\u306e\u3088\u3046\u306a\u5834\u6240\u304b\u3089\u767a\u751f\u3057\u3066\u3044\u308b\u304b\u3092\u4e2d\u5fc3\u306b\u53d6\u308a\u4e0a\u3052\u3066\u3044\u304d\u307e\u3059\u3002\u305d\u306e\u5f8c\u3001\u653b\u6483\u8005\u304c\u3082\u3063\u3068\u3082\u60aa\u7528\u3057\u3066\u3044\u308b\u8106\u5f31\u6027\u3084\u3001\u5404\u653b\u6483\u306e\u6df1\u523b\u5ea6\u3001\u30ab\u30c6\u30b4\u30ea\u3001\u653b\u6483\u5143\u306a\u3069\u306e\u7d50\u8ad6\u3092\u8ff0\u3079\u307e\u3059\u3002<\/p>\n<p>\u672c\u7a3f\u3067\u306f2022\u5e742\u6708\u304b\u30894\u6708\u307e\u3067\u306e\u4e3b\u306a\u52d5\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002\u4ee5\u4e0b\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u6700\u8fd1\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u3001\u6df1\u523b\u5ea6\u306a\u3069\u306e\u5206\u6790\u7d50\u679c\u3092\u3075\u304f\u3081\u3066\u3054\u7d39\u4ecb\u3057\u307e\u3059\u3002\u307e\u305f\u3001\u8106\u5f31\u6027\u3092\u5206\u985e\u3059\u308b\u3053\u3068\u3067\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u3084DoS (\u30b5\u30fc\u30d3\u30b9\u62d2\u5426) \u306a\u3069\u306e\u8513\u5ef6\u72b6\u6cc1\u3092\u660e\u3089\u304b\u306b\u3057\u307e\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a>\u3084<a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/subscriptions\/threat-prevention\">\u8105\u5a01\u9632\u5fa1<\/a>\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/wildfire\">WildFire<\/a>\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/advanced-url-filtering\">Advanced URL Filtering<\/a>\u306a\u3069\u306e<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/security-subscriptions\">\u30af\u30e9\u30a6\u30c9\u578b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b5\u30fc\u30d3\u30b9<\/a>\u3001\u304a\u3088\u3073<a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xdr\">Cortex XDR<\/a>\u3092\u901a\u3058\u3066\u3001\u672c\u7a3f\u3067\u53d6\u308a\u4e0a\u3052\u308b\u8106\u5f31\u6027\u304b\u3089\u306e\u4fdd\u8b77\u3092\u53d7\u3051\u3066\u3044\u307e\u3059\u3002<\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">\u672c\u7a3f\u3067\u6271\u3046CVE<\/span><\/td>\n<td><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22954\"><span style=\"font-weight: 400;\">CVE-2022-22954<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22963\"><span style=\"font-weight: 400;\">CVE-2022-22963<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22965\"><span style=\"font-weight: 400;\">CVE-2022-22965<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25060\"><span style=\"font-weight: 400;\">CVE-2022-25060<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22947\"><span style=\"font-weight: 400;\">CVE-2022-22947<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24112\"><span style=\"font-weight: 400;\">CVE-2022-24112<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22536\"><span style=\"font-weight: 400;\">CVE-2022-22536<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-24762\"><span style=\"font-weight: 400;\">CVE-2021-24762<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21662\"><span style=\"font-weight: 400;\">CVE-2022-21662<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43711\"><span style=\"font-weight: 400;\">CVE-2021-43711<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25075\"><span style=\"font-weight: 400;\">CVE-2022-25075<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25134\"><span style=\"font-weight: 400;\">CVE-2022-25134<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-4045\"><span style=\"font-weight: 400;\">CVE-2021-4045<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24260\"><span style=\"font-weight: 400;\">CVE-2022-24260<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-21881\"><span style=\"font-weight: 400;\">CVE-2021-21881<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-39226\"><span style=\"font-weight: 400;\">CVE-2021-39226<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28169\"><span style=\"font-weight: 400;\">CVE-2021-28169<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20167\"><span style=\"font-weight: 400;\">CVE-2021-20167<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20166\"><span style=\"font-weight: 400;\">CVE-2021-20166<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21371\"><span style=\"font-weight: 400;\">CVE-2022-21371<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-31589\"><span style=\"font-weight: 400;\">CVE-2021-31589<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-29464\"><span style=\"font-weight: 400;\">CVE-2022-29464<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27226\"><span style=\"font-weight: 400;\">CVE-2022-27226<\/span><\/a><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">\u672c\u7a3f\u3067\u53d6\u308a\u4e0a\u3052\u308b\u653b\u6483\u306e\u7a2e\u985e\u3068\u8106\u5f31\u6027\u306e\u7a2e\u5225<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3001\u7279\u6a29\u6607\u683c\u3001\u30e1\u30e2\u30ea\u7834\u58ca\u3001\u30b3\u30fc\u30c9\u5b9f\u884c\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u5883\u754c\u5916\u8aad\u307f\u53d6\u308a\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\u3001\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u4e0d\u9069\u5207\u306a\u8a8d\u8a3c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Unit 42\u306e\u95a2\u9023\u30c8\u30d4\u30c3\u30af<\/span><\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/network-security-trends-ja\/\"><span style=\"font-weight: 400;\">Network Security Trends<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/exploit-in-the-wild-ja\/\"><span style=\"font-weight: 400;\">exploits in the wild<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/attack-analysis-ja\/\"><span style=\"font-weight: 400;\">attack analysis<\/span><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>2022-09-07 10:00 JST \u82f1\u8a9e\u7248\u66f4\u65b0\u65e5 2022-09-02 12:30 PDT \u306e\u5185\u5bb9\u3092\u53cd\u6620\u3002\u8aa4\u3063\u3066\u63b2\u8f09\u3055\u308c\u3066\u3044\u305fCVE (CVE-2021-38406\u3001CVE-2022-23253)\u3092\u524a\u9664\u3057\u307e\u3057\u305f\u3002<\/em><\/p>\n<h2><a id=\"post-124620-_ityilpf6fsuw\"><\/a><strong>\u76ee\u6b21<\/strong><\/h2>\n<ul>\n<li><a href=\"#post-124620-_y1z8rybf5q7d\">\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u5206\u6790: 2022\u5e742\u6708\uff5e2022\u5e744\u6708<\/a>\n<ul>\n<li><a href=\"#post-124620-_kh524qh7u38h\">\u6700\u65b0\u306e\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6<\/a><\/li>\n<li><a href=\"#post-124620-_7lgs559i874v\">\u8106\u5f31\u6027\u30ab\u30c6\u30b4\u30ea\u306e\u5206\u5e03<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#post-124620-_2rs5p48l7jvp\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u52d5\u5411: \u5b9f\u969b\u306b\u898b\u3089\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u5206\u6790: 2022\u5e742\u6708\uff5e2022\u5e744\u6708<\/a>\n<ul>\n<li><a href=\"#post-124620-_10tob2q8biby\">\u30c7\u30fc\u30bf\u53ce\u96c6<\/a><\/li>\n<li><a href=\"#post-124620-_qa2xc3puoif3\">\u5b9f\u969b\u306e\u60aa\u7528\u304c\u898b\u3089\u308c\u308b\u653b\u6483\u306e\u6df1\u523b\u5ea6<\/a><\/li>\n<li><a href=\"#post-124620-_qya80cmt37dq\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u767a\u751f\u6642\u671f<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#post-124620-_76pir5vuwogh\">\u5b9f\u969b\u306e\u60aa\u7528\u304c\u898b\u3089\u308c\u308b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8: 2022\u5e742\u6708\uff5e2022\u5e744\u6708\u306e\u8a73\u7d30\u5206\u6790<\/a>\n<ul>\n<li><a href=\"#post-124620-_7iu4f7lirct4\">\u653b\u6483\u30ab\u30c6\u30b4\u30ea\u306e\u5206\u5e03<\/a><\/li>\n<li><a href=\"#post-124620-_are6is6g7zms\">\u653b\u6483\u306e\u8d77\u70b9<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#post-124620-_2an8ryq91inv\">\u7d50\u8ad6<\/a><\/li>\n<li><a href=\"#post-124620-_570cbe1pdhwx\">\u8ffd\u52a0\u30ea\u30bd\u30fc\u30b9<\/a><\/li>\n<\/ul>\n<h2><a id=\"post-124620-_y1z8rybf5q7d\"><\/a><strong>\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u5206\u6790: 2022\u5e742\u6708\uff5e2022\u5e744\u6708<\/strong><\/h2>\n<p>2022\u5e742\u6708\u304b\u30894\u6708\u306b\u304b\u3051\u3066\u306f\u3001\u5408\u8a08\u30675,962\u4ef6\u306eCVE(Common Vulnerabilities and Exposures)\u756a\u53f7\u304c\u65b0\u305f\u306b\u767b\u9332\u3055\u308c\u307e\u3057\u305f\u3002\u65b0\u3057\u304f\u516c\u958b\u3055\u308c\u305f\u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u304c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u4e0e\u3048\u308b\u6f5c\u5728\u7684\u306a\u5f71\u97ff\u306b\u3064\u3044\u3066\u306e\u7406\u89e3\u3092\u6df1\u3081\u308b\u305f\u3081\u3001\u6df1\u523b\u5ea6\u3001\u6982\u5ff5\u5b9f\u8a3c\u30b3\u30fc\u30c9\u306e\u5b9f\u73fe\u53ef\u80fd\u6027\u3001\u8106\u5f31\u6027\u30ab\u30c6\u30b4\u30ea\u306b\u3082\u3068\u3065\u3044\u305f\u898b\u89e3\u3092\u793a\u3057\u307e\u3059\u3002<\/p>\n<h3><a id=\"post-124620-_kh524qh7u38h\"><\/a><strong>\u6700\u65b0\u306e\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6<\/strong><\/h3>\n<p>\u8106\u5f31\u6027\u306e\u6f5c\u5728\u7684\u5f71\u97ff\u3092\u898b\u7a4d\u3082\u308b\u306b\u306f\u3001\u305d\u306e\u6df1\u523b\u5ea6\u306b\u3064\u3044\u3066\u691c\u8a0e\u3057\u3001\u653b\u6483\u8005\u304c\u5bb9\u6613\u306b\u4f7f\u3048\u308b\u4fe1\u983c\u6027\u306e\u9ad8\u3044\u6982\u5ff5\u5b9f\u8a3c (PoC) \u306e\u6709\u7121\u3092\u8abf\u67fb\u3057\u307e\u3059\u3002\u79c1\u305f\u3061\u304cPoC\u3092\u898b\u3064\u3051\u308b\u305f\u3081\u306b\u5229\u7528\u3057\u3066\u3044\u308b\u516c\u958b\u30bd\u30fc\u30b9\u306f\u3001Exploit-DB\u3001GitHub\u3001Metasploit\u306a\u3069\u3067\u3059\u3002\u6df1\u523b\u5ea6\u306e\u30b9\u30b3\u30a2\u304c\u300c\u4e2d\u300d\u4ee5\u4e0a\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b5,631\u4ef6\u306eCVE\u306e\u5206\u5e03\u306f\u3001\u4ee5\u4e0b\u306e\u8868\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n<table style=\"width: 73.3703%;\">\n<tbody>\n<tr>\n<td style=\"width: 22.1184%;\"><b>\u6df1\u523b\u5ea6<\/b><\/td>\n<td style=\"width: 16.8224%;\"><b>\u4ef6\u6570<\/b><\/td>\n<td style=\"width: 15.2648%;\"><b>\u6bd4\u7387<\/b><\/td>\n<td style=\"width: 260.436%;\"><b>PoC\u304c\u5229\u7528\u53ef\u80fd<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 22.1184%;\"><span style=\"font-weight: 400;\">\u7dca\u6025 (Critical)<\/span><\/td>\n<td style=\"width: 16.8224%;\"><span style=\"font-weight: 400;\">1033<\/span><\/td>\n<td style=\"width: 15.2648%;\"><span style=\"font-weight: 400;\">18.3%<\/span><\/td>\n<td style=\"width: 260.436%;\"><span style=\"font-weight: 400;\">7.8%<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 22.1184%;\"><span style=\"font-weight: 400;\">\u9ad8 (High)<\/span><\/td>\n<td style=\"width: 16.8224%;\"><span style=\"font-weight: 400;\">2282<\/span><\/td>\n<td style=\"width: 15.2648%;\"><span style=\"font-weight: 400;\">40.5%<\/span><\/td>\n<td style=\"width: 260.436%;\"><span style=\"font-weight: 400;\">4.8%<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 22.1184%;\"><span style=\"font-weight: 400;\">\u4e2d (Medium)<\/span><\/td>\n<td style=\"width: 16.8224%;\"><span style=\"font-weight: 400;\">2316<\/span><\/td>\n<td style=\"width: 15.2648%;\"><span style=\"font-weight: 400;\">41.1%<\/span><\/td>\n<td style=\"width: 260.436%;\"><span style=\"font-weight: 400;\">3.6%<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"color: #999999; font-size: 10pt;\"><em>\u88681 2022\u5e742\u6708\uff5e4\u6708\u306b\u767b\u9332\u3055\u308c\u305fCVE\u306e\u6df1\u523b\u5ea6\u306e\u5206\u5e03<\/em><\/span><\/p>\n<figure id=\"attachment_124558\" aria-describedby=\"caption-attachment-124558\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124559 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-13-ja.png\" alt=\"\u6df1\u523b\u5ea6\u300c\u4e2d\u300d: 41.1\uff05\u3001\u300c\u9ad8\u300d: 40.5\uff05\u3001\u300c\u7dca\u6025\u300d: 18.3%\" width=\"900\" height=\"557\" \/><figcaption id=\"caption-attachment-124558\" class=\"wp-caption-text\">\u56f31. 2022\u5e742\u6708\uff5e4\u6708\u306b\u767b\u9332\u3055\u308c\u305fCVE\u306e\u6df1\u523b\u5ea6\u306e\u5206\u5e03(\u300c\u4e2d\u300d\u304b\u3089\u300c\u7dca\u6025\u300d\u3068\u8a55\u4fa1\u3055\u308c\u305f\u3082\u306e\u306e\u307f)<\/figcaption><\/figure>\n<p>\u300c\u7dca\u6025\u300d\u306b\u5206\u985e\u3055\u308c\u305f\u8106\u5f31\u6027\u306f\u6700\u3082\u6570\u306f\u5c11\u306a\u3044\u3067\u3059\u304c\u3001PoC\u304c\u5229\u7528\u3067\u304d\u308b\u53ef\u80fd\u6027\u306f\u3088\u308a\u9ad8\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30c7\u30fc\u30bf\u306fPoC\u306e\u6709\u7121\u3068\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6\u304c\u76f8\u95a2\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002\u4eca\u56de\u306e\u5bfe\u8c61\u671f\u9593\u306b\u304a\u3044\u3066\u306f\u91cd\u8981\u5ea6\u300c\u7dca\u6025\u300d\u306ePoC\u306e\u6bd4\u7387\u304c\u9ad8\u307e\u308a\u300c\u9ad8\u300d\u300c\u4e2d\u300d\u306ePoC\u306e\u6bd4\u7387\u304c\u308f\u305a\u304b\u306b\u4e0b\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306f\u3001\u6700\u65b0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u8105\u5a01\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u3084\u3001\u5b9f\u969b\u306b\u884c\u308f\u308c\u3066\u3044\u308b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u30ea\u30a2\u30eb\u30bf\u30a4\u30e0\u3067\u76e3\u8996\u3059\u308b\u3053\u3068\u3067\u3001\u304a\u5ba2\u69d8\u3078\u306e\u4fdd\u8b77\u3092\u7d99\u7d9a\u7684\u306b\u63d0\u4f9b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h3><a id=\"post-124620-_7lgs559i874v\"><\/a><strong>\u8106\u5f31\u6027\u30ab\u30c6\u30b4\u30ea\u306e\u5206\u5e03<\/strong><\/h3>\n<p>\u8106\u5f31\u6027\u306e\u5c5e\u3059\u308b\u30ab\u30c6\u30b4\u30ea\u3082\u3001\u3042\u308b\u8106\u5f31\u6027\u306e\u3082\u3064\u5f71\u97ff\u3092\u7406\u89e3\u3059\u308b\u306b\u306f\u91cd\u8981\u3068\u306a\u308a\u307e\u3059\u3002\u65b0\u305f\u306b\u516c\u958b\u3055\u308c\u305fCVE\u3092\u5206\u6790\u3059\u308b\u3068\u300126.4%\u304c\u30ed\u30fc\u30ab\u30eb\u306a\u8106\u5f31\u6027\u306b\u5206\u985e\u3055\u308c\u3001\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u4e8b\u524d\u306e\u30a2\u30af\u30bb\u30b9\u304c\u5fc5\u8981\u3067\u3057\u305f\u3002\u6b8b\u308a\u306e73.6%\u306f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u3067\u60aa\u7528\u3055\u308c\u3046\u308b\u30ea\u30e2\u30fc\u30c8\u306e\u8106\u5f31\u6027\u3067\u3059\u3002\u3064\u307e\u308a\u3001\u65b0\u305f\u306b\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u5927\u534a\u306f\u3001\u4e16\u754c\u306e\u3069\u3053\u304b\u3089\u3067\u3082\u8106\u5f31\u306a\u7d44\u7e54\u3092\u653b\u6483\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002<\/p>\n<p>\u56f32\u306f\u3001\u6700\u8fd1\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306b\u5360\u3081\u308b\u5272\u5408\u306e\u9ad8\u3055\u306e\u9806\u3067\u3001\u6700\u3082\u3088\u304f\u898b\u3089\u308c\u305f\u8106\u5f31\u6027\u3092\u30ab\u30c6\u30b4\u30ea\u3054\u3068\u306b\u30e9\u30f3\u30ad\u30f3\u30b0\u3057\u305f\u3082\u306e\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_124560\" aria-describedby=\"caption-attachment-124560\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124561 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-14-ja.png\" alt=\"\u3053\u3053\u3067\u306f\u8d64\u304c\u300c\u7dca\u6025\u300d\u3001\u9ec4\u304c\u300c\u9ad8\u300d\u3001\u9752\u304c\u300c\u4e2d\u300d\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002\u8106\u5f31\u6027\u306e\u30ab\u30c6\u30b4\u30ea (\u3082\u3063\u3068\u3082\u8513\u5ef6\u3057\u3066\u3044\u308b\u3082\u306e\u304b\u3089\u9806\u306b): \u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u3001\u5883\u754c\u5916\u66f8\u304d\u8fbc\u307f\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u7279\u6a29\u6607\u683c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426(DoS)\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u30d5\u30a1\u30a4\u30eb\u95a2\u9023\u3001\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c(RCE)\u3001\u4e0d\u9069\u5207\u306a\u8a8d\u8a3c\u3001\u4e0d\u9069\u5207\u306a\u5165\u529b\u691c\u8a3c\u3001\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\" width=\"900\" height=\"366\" \/><figcaption id=\"caption-attachment-124560\" class=\"wp-caption-text\">\u56f32. 2022\u5e742\u6708\uff5e4\u6708\u306b\u767b\u9332\u3055\u308c\u305fCVE\u306e\u8106\u5f31\u6027\u30ab\u30c6\u30b4\u30ea\u3054\u3068\u306e\u5206\u5e03<\/figcaption><\/figure>\n<p>\u3053\u306e\u671f\u9593\u306f\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3082\u3063\u3068\u3082\u591a\u304f\u5831\u544a\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u307b\u304b\u3001\u5883\u754c\u5916\u66f8\u304d\u8fbc\u307f\u3084\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027\u306e\u5831\u544a\u3082\u524d\u56db\u534a\u671f\u306b\u6bd4\u3079\u3066\u5897\u3048\u3066\u3044\u307e\u3059\u3002\u306a\u304a\u3001\u6700\u8fd1\u5831\u544a\u3055\u308c\u305f\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u3084\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027\u306f\u3001\u91cd\u5927\u5ea6\u304c\u300c\u7dca\u6025\u300d\u3067\u306a\u304f\u3001\u300c\u4e2d\u300d\u307e\u305f\u306f\u300c\u9ad8\u300d\u306e\u3082\u306e\u304c\u591a\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u540c\u6642\u306b\u30012022\u5e742\u6708\u304b\u30894\u6708\u306b\u304b\u3051\u3066\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u5229\u7528\u304c\u62e1\u5927\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30ab\u30c6\u30b4\u30ea\u306e\u8106\u5f31\u6027\u306e\u591a\u304f\u306f\u300c\u7dca\u6025\u300d\u3067\u3059\u3002<\/p>\n<h2><a id=\"post-124620-_2rs5p48l7jvp\"><\/a><strong>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u52d5\u5411: \u5b9f\u969b\u306b\u898b\u3089\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u5206\u6790: 2022\u5e742\u6708\uff5e2022\u5e744\u6708<\/strong><\/h2>\n<h3><a id=\"post-124620-_10tob2q8biby\"><\/a><strong>\u30c7\u30fc\u30bf\u53ce\u96c6<\/strong><\/h3>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092\u5883\u754c\u7dda\u4e0a\u306e\u30bb\u30f3\u30b5\u30fc\u3068\u3057\u3066\u6d3b\u7528\u3059\u308b\u3053\u3068\u3067\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f2022\u5e742\u6708\u304b\u30894\u6708\u306b\u304b\u3051\u3066\u306e\u60aa\u610f\u3042\u308b\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u8b58\u5225\u3055\u308c\u305f\u60aa\u610f\u306e\u3042\u308b\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306f\u3001IP\u30a2\u30c9\u30ec\u30b9\u3001\u30dd\u30fc\u30c8\u756a\u53f7\u3001\u30bf\u30a4\u30e0\u30b9\u30bf\u30f3\u30d7\u306a\u3069\u306e\u6307\u6a19\u306b\u57fa\u3065\u3044\u3066\u3055\u3089\u306b\u51e6\u7406\u3055\u308c\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u5404\u653b\u6483\u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u4e00\u610f\u6027\u304c\u62c5\u4fdd\u3055\u308c\u3001\u6f5c\u5728\u7684\u306a\u30c7\u30fc\u30bf\u306e\u504f\u308a\u304c\u6392\u9664\u3055\u308c\u307e\u3059\u30029,300\u4e07\u4ef6\u306e\u6709\u52b9\u306a\u60aa\u610f\u306e\u3042\u308b\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u5206\u6790\u3057\u3001\u7cbe\u932c\u3057\u305f\u30c7\u30fc\u30bf\u3092\u307b\u304b\u306e\u5c5e\u6027\u3068\u76f8\u95a2\u3055\u305b\u3066\u6642\u7cfb\u5217\u3067\u306e\u653b\u6483\u50be\u5411\u3092\u63a8\u6e2c\u3057\u3001\u8105\u5a01\u306e\u52d5\u5411\u3092\u628a\u63e1\u3057\u307e\u3057\u305f\u3002<\/p>\n<h3><a id=\"post-124620-_qa2xc3puoif3\"><\/a><strong>\u5b9f\u969b\u306e\u60aa\u7528\u304c\u898b\u3089\u308c\u308b\u653b\u6483\u306e\u6df1\u523b\u5ea6<\/strong><\/h3>\n<p>\u79c1\u305f\u3061\u306f\u30b9\u30ad\u30e3\u30f3\u653b\u6483\u3084\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u306e\u691c\u51fa\u306b\u4f7f\u7528\u3055\u308c\u308b\u4f4e\u6df1\u523b\u5ea6\u306e\u30b7\u30b0\u30cd\u30c1\u30e3\u30c8\u30ea\u30ac\u30fc\u3092\u9664\u5916\u3057\u3001\u3053\u308c\u306b\u304f\u308f\u3048\u3066\u30ea\u30b5\u30fc\u30c1\u76ee\u7684\u3067\u306e\u5185\u90e8\u7684\u306a\u30c8\u30ea\u30ac\u30fc\u3082\u9664\u5916\u3057\u3066\u30019,300\u4e07\u4ef6\u306e\u6709\u52b9\u306a\u60aa\u610f\u306e\u3042\u308b\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u5f97\u307e\u3057\u305f\u3002\u3057\u305f\u304c\u3063\u3066\u3053\u3053\u3067\u79c1\u305f\u3061\u306f\u3001\u6df1\u523b\u5ea6\u304c\u300c\u4e2d\u300d (<a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\">CVSS v3 \u30b9\u30b3\u30a2<\/a>\u306b\u57fa\u3065\u304f) \u3092\u8d85\u3048\u308b\u60aa\u7528\u53ef\u80fd\u306a\u8106\u5f31\u6027\u3092\u3082\u3064\u3082\u306e\u306e\u307f\u3092\u78ba\u8a8d\u6e08\u307f\u306e\u653b\u6483\u3068\u307f\u306a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124562\" aria-describedby=\"caption-attachment-124562\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124563 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-15-ja.png\" alt=\"\u6df1\u523b\u5ea6\u300c\u4e2d\u300d: 31.3%\u3001\u300c\u9ad8\u300d: 29.6%\u3001\u300c\u7dca\u6025\u300d: 39.1%\" width=\"900\" height=\"557\" \/><figcaption id=\"caption-attachment-124562\" class=\"wp-caption-text\">\u56f33. 2022\u5e742\u6708\uff5e4\u6708\u306e\u653b\u6483\u306e\u6df1\u523b\u5ea6\u5206\u5e03(\u300c\u4e2d\u300d\u304b\u3089\u300c\u7dca\u6025\u300d\u3068\u8a55\u4fa1\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u307f)<\/figcaption><\/figure>\n<p>\u56f33\u306f\u3001\u5404\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6\u5225\u306b\u5206\u985e\u3057\u305f\u30bb\u30c3\u30b7\u30e7\u30f3\u6570\u3068\u653b\u6483\u6570\u306e\u6bd4\u7387\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u524d\u56db\u534a\u671f\u306e\u6df1\u523b\u5ea6\u5206\u5e03\u3068\u4eca\u56db\u534a\u671f\u306e\u6df1\u523b\u5ea6\u5206\u5e03\u306f\u300c\u7dca\u6025\u300d\u300c\u9ad8\u300d\u300c\u4e2d\u300d\u306e\u653b\u6483\u3068\u3082\u307b\u3068\u3093\u3069\u5dee\u304c\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u305f\u3060\u3057\u305d\u306e\u6f5c\u5728\u7684\u5f71\u97ff\u306e\u5927\u304d\u3055\u304b\u3089\u3001\u79c1\u305f\u3061\u306f\u3084\u306f\u308a\u6df1\u523b\u5ea6\u300c\u7dca\u6025\u300d\u306e\u653b\u6483\u306b\u6700\u3082\u7126\u70b9\u3092\u3042\u3066\u3066\u8abf\u67fb\u3057\u3066\u3044\u307e\u3059\u3002\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u591a\u304f\u306f\u300c\u4e2d\u300d\u306e\u6df1\u523b\u5ea6\u3067\u3059\u304c\u3001\u653b\u6483\u8005\u306f\u3088\u308a\u6df1\u523b\u5ea6\u306e\u9ad8\u3044\u8106\u5f31\u6027\u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306b\u5229\u7528\u3057\u307e\u3059\u3002\u3057\u305f\u304c\u3063\u3066\u9632\u5fa1\u5074\u306f\u3001\u6df1\u523b\u5ea6\u304c\u300c\u9ad8\u300d\u3001\u300c\u7dca\u6025\u300d\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u9632\u6b62\u3068\u7de9\u548c\u306b\u6ce8\u610f\u3092\u6255\u3046\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h3><a id=\"post-124620-_qya80cmt37dq\"><\/a><strong>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u767a\u751f\u6642\u671f<\/strong><\/h3>\n<figure id=\"attachment_124564\" aria-describedby=\"caption-attachment-124564\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124565 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-16-ja.png\" alt=\"\u3053\u3053\u3067\u306f\u8d64\u304c\u300c\u7dca\u6025\u300d\u3001\u9ec4\u304c\u300c\u9ad8\u300d\u3001\u9752\u304c\u300c\u4e2d\u7a0b\u5ea6\u300d\u3001\u7dd1\u304c\u300c\u5408\u8a08\u300d\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u68d2\u30b0\u30e9\u30d5\u306f\u30012022\u5e742\u6708\u304b\u30894\u6708\u306e\u9031\u3054\u3068(\u5358\u4f4d:\u767e\u4e07)\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u653b\u6483\u6df1\u523b\u5ea6\u5206\u5e03\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"363\" \/><figcaption id=\"caption-attachment-124564\" class=\"wp-caption-text\">\u56f34. 2021\u5e742\u6708\u301c4\u6708\u306b\u304b\u3051\u3066\u9031\u3054\u3068\u306b\u8a08\u6e2c\u3057\u305f\u653b\u6483\u306e\u6df1\u523b\u5ea6\u5206\u5e03<\/figcaption><\/figure>\n<p>\u4eca\u56de\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411\u5206\u6790\u3067\u306f\u30012022\u5e742\u6708\u304b\u30894\u6708\u306e\u30c7\u30fc\u30bf\u3092\u53ce\u96c6\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u671f\u9593\u4e2d\u3001\u653b\u6483\u8005\u306f\u3064\u306d\u306b\u6df1\u523b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u5229\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u3053\u308c\u307e\u3067\u3082\u89b3\u6e2c\u3057\u3066\u304d\u305f\u3068\u304a\u308a\u3001\u653b\u6483\u8005\u306f\u6700\u8fd1\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u3001\u3068\u304f\u306b2021\u5e74\u304b\u30892022\u5e74\u306b\u304b\u3051\u3066\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u3092\u591a\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u306f\u3001\u76f4\u8fd1\u3067\u767a\u898b\u3055\u308c\u305f\u8106\u5f31\u6027\u304b\u3089\u306e\u4fdd\u8b77\u306e\u305f\u3081\u306b\u3001\u5229\u7528\u53ef\u80fd\u306b\u306a\u308a\u6b21\u7b2c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3057\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u88fd\u54c1\u3092\u66f4\u65b0\u3059\u308b\u3053\u3068\u304c\u3044\u304b\u306b\u91cd\u8981\u304b\u3092\u7269\u8a9e\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124566\" aria-describedby=\"caption-attachment-124566\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124567 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-17-ja.png\" alt=\"\u8d64\uff1d2021-2022\u5e74\u516c\u958b\u306eCVE\u3001\u9ec4\uff1d2019-2020\u5e74\u516c\u958b\u306eCVE\u3001\u9752\uff1d2016-2018\u5e74\u516c\u958b\u306eCVE\u3001\u7dd1\uff1d2010-2015\u5e74\u516c\u958b\u306eCVE\u3001\u30aa\u30ec\u30f3\u30b8\uff1d2010\u5e74\u3088\u308a\u524d\u306b\u516c\u958b\u3055\u308c\u305fCVE\u3002\u3053\u306e\u68d2\u30b0\u30e9\u30d5\u306f\u30012022\u5e742\u6708\u304b\u30894\u6708\u306e\u9031\u3054\u3068(\u5358\u4f4d:\u767e\u4e07)\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u653b\u6483\u6df1\u523b\u5ea6\u5206\u5e03\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"336\" \/><figcaption id=\"caption-attachment-124566\" class=\"wp-caption-text\">\u56f35. \u89b3\u6e2c\u3055\u308c\u305f\u653b\u6483\u3092\u60aa\u7528\u3055\u308c\u305fCVE\u306e\u958b\u793a\u5e74\u3054\u3068\u306b\u5206\u985e(2022\u5e742\u6708\u301c4\u6708\u306b\u304b\u3051\u3066\u9031\u3054\u3068\u306b\u6e2c\u5b9a)<\/figcaption><\/figure>\n<h2><a id=\"post-124620-_76pir5vuwogh\"><\/a><strong>\u5b9f\u969b\u306e\u60aa\u7528\u304c\u898b\u3089\u308c\u308b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8: 2022\u5e742\u6708\uff5e2022\u5e744\u6708\u306e\u8a73\u7d30\u5206\u6790<\/strong><\/h2>\n<p>\u6700\u65b0\u516c\u958b\u3055\u308c\u305f\u653b\u6483\u306b\u6ce8\u76ee\u3057\u305f\u3068\u3053\u308d\u3001PoC\u306e\u53ef\u7528\u6027\u3001\u6df1\u523b\u5ea6\u3001\u60aa\u7528\u306e\u5bb9\u6613\u6027\u304b\u3089\u3001\u4ee5\u4e0b\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u76ee\u7acb\u3061\u307e\u3057\u305f\u3002\u3053\u3053\u3067\u306f\u653b\u6483\u8005\u304c\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30c4\u30fc\u30eb\u3092\u4f7f\u7528\u3057\u3066\u3055\u307e\u3056\u307e\u306a\u30bf\u30fc\u30b2\u30c3\u30c8\u3092\u4fb5\u5bb3\u3057\u305f\u65b9\u6cd5\u3092\u793a\u3059\u30b9\u30cb\u30da\u30c3\u30c8\u3092\u63d0\u4f9b\u3059\u308b\u3053\u3068\u3067\u3001\u3053\u308c\u3089\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u624b\u53e3\u3092\u9632\u5fa1\u5074\u304c\u7406\u89e3\u3057\u3084\u3059\u3044\u3088\u3046\u306b\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22954\">CVE-2022-22954<\/a><\/p>\n<p>VMware Workspace ONE Access\u3068VMware Identity Manager\u306b\u306f\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8 \u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306b\u8d77\u56e0\u3059\u308b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c(RCE)\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u307e\u3059\u3002\u60aa\u610f\u306e\u3042\u308b\u653b\u6483\u8005\u306f\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8 \u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3092\u30c8\u30ea\u30ac\u30fc\u53ef\u80fd\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_124568\" aria-describedby=\"caption-attachment-124568\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124569 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-58.png\" alt=\"VMware\u306e\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8 \u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2022-22954)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"98\" \/><figcaption id=\"caption-attachment-124568\" class=\"wp-caption-text\">\u56f36. VMware\u306e\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8 \u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22963\">CVE-2022-22963<\/a><\/p>\n<p>Spring Cloud Function\u306b\u306f\u3001\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u6a5f\u80fd\u3092\u5229\u7528\u3059\u308b\u3055\u3044\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u7279\u5225\u306b\u7d30\u5de5\u3057\u305fSpEL\u3092\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u5f0f\u3068\u3057\u3066\u63d0\u4f9b\u3059\u308b\u3053\u3068\u306b\u3088\u308a\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30ed\u30fc\u30ab\u30eb\u30ea\u30bd\u30fc\u30b9\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u3068\u306a\u308b\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124570\" aria-describedby=\"caption-attachment-124570\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124571 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-59.png\" alt=\"Spring Cloud SpEL\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2022-22963)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"169\" \/><figcaption id=\"caption-attachment-124570\" class=\"wp-caption-text\">\u56f37 Spring Cloud SpEL\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22965\">CVE-2022-22965 <\/a><\/p>\n<p>Spring MVC\u3001Spring WebFlux\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u306f\u3001\u30c7\u30fc\u30bf\u30d0\u30a4\u30f3\u30c7\u30a3\u30f3\u30b0\u3092\u4ecb\u3059\u308b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u7279\u5b9a\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3067\u306f\u3001\u5bfe\u8c61\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304cTomcat\u4e0a\u3067WAR\u5f62\u5f0f\u3067\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u3066\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124572\" aria-describedby=\"caption-attachment-124572\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124573 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-60.png\" alt=\"Spring Core\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2022-22965)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"156\" \/><figcaption id=\"caption-attachment-124572\" class=\"wp-caption-text\">\u56f38 Spring Core\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25060\">CVE-2022-25060<\/a><\/p>\n<p>TP-LINK\u306b\u306f\u3001oal_startPing\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3092\u4ecb\u3057\u305f\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<figure id=\"attachment_124574\" aria-describedby=\"caption-attachment-124574\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124575 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-61.png\" alt=\"TP-LINK\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2022-25060)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"174\" \/><figcaption id=\"caption-attachment-124574\" class=\"wp-caption-text\">\u56f39 TP-LINK\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22947\">CVE-2022-22947<\/a><\/p>\n<p>Spring Cloud Gateway\u306b\u306f\u3001Gateway Actuator\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u304c\u6709\u52b9\u3067\u516c\u958b\u72b6\u614b\u304b\u3064\u4fdd\u8b77\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u653b\u6483\u3092\u53d7\u3051\u3046\u308b\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u7d30\u5de5\u3057\u305f\u60aa\u610f\u306e\u3042\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u308b\u3053\u3068\u306b\u3088\u308a\u3001\u653b\u6483\u8005\u306f\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u8106\u5f31\u306a\u30db\u30b9\u30c8\u4e0a\u3067\u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124576\" aria-describedby=\"caption-attachment-124576\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124577 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-62.png\" alt=\"Spring Cloud Gateway\u306e\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2022-22947)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"201\" \/><figcaption id=\"caption-attachment-124576\" class=\"wp-caption-text\">\u56f310 Spring Cloud Gateway\u306e\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24112\">CVE-2022-24112<\/a><\/p>\n<p>\u653b\u6483\u8005\u306f\u3001\u30d0\u30c3\u30c1 \u30ea\u30af\u30a8\u30b9\u30c8 \u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u60aa\u7528\u3057\u3066\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3059\u308b\u3053\u3068\u306b\u3088\u308a\u3001Admin API\u306eIP\u5236\u9650\u3092\u56de\u907f\u3067\u304d\u307e\u3059\u3002Apache APISIX\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a(API\u30ad\u30fc\u304c\u30c7\u30d5\u30a9\u30eb\u30c8)\u306e\u5834\u5408\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124578\" aria-describedby=\"caption-attachment-124578\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124579 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-63.png\" alt=\"Apache APISIX \u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2022-24112)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"271\" \/><figcaption id=\"caption-attachment-124578\" class=\"wp-caption-text\">\u56f311 Apache APISIX\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22536\">CVE-2022-22536<\/a><\/p>\n<p>SAP NetWeaver Application Server ABAP\u3001SAP NetWeaver Application Server Java\u3001ABAP Platform\u3001SAP Content Server\u3001SAP Web Dispatcher \u306e\u5404\u88fd\u54c1\u306b\u306f\u3001\u30ea\u30af\u30a8\u30b9\u30c8 \u30b9\u30de\u30b0\u30ea\u30f3\u30b0(request smuggling)\u3068\u30ea\u30af\u30a8\u30b9\u30c8 \u30b3\u30f3\u30ab\u30c1\u30cd\u30fc\u30b7\u30e7\u30f3(request concatenation)\u306b\u5bfe\u3059\u308b\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u672a\u8a8d\u8a3c\u306e\u653b\u6483\u8005\u304c\u88ab\u5bb3\u8005\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u4efb\u610f\u306e\u30c7\u30fc\u30bf\u3092\u30d7\u30ea\u30da\u30f3\u30c9\u53ef\u80fd\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_124580\" aria-describedby=\"caption-attachment-124580\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124581 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-64.png\" alt=\"SAP\u306e\u8907\u6570\u306e\u88fd\u54c1\u306eHTTP\u30ea\u30af\u30a8\u30b9\u30c8 \u30b9\u30de\u30b0\u30ea\u30f3\u30b0\u306e\u8106\u5f31\u6027(CVE-2022-22536)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"214\" \/><figcaption id=\"caption-attachment-124580\" class=\"wp-caption-text\">\u56f312. SAP\u306e\u8907\u6570\u88fd\u54c1\u306eHTTP\u30ea\u30af\u30a8\u30b9\u30c8 \u30b9\u30de\u30b0\u30ea\u30f3\u30b0\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-24762\">CVE-2021-24762<\/a><\/p>\n<p>Perfect Survey WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u306f<span style=\"font-family: 'courier new', courier, monospace;\">question_id GET<\/span>\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u691c\u8a3c\u3068\u30a8\u30b9\u30b1\u30fc\u30d7\u51e6\u7406\u3092\u3057\u306a\u3044\u307e\u307e<span style=\"font-family: 'courier new', courier, monospace;\">get_question<\/span>AJAX\u30a2\u30af\u30b7\u30e7\u30f3\u306eSQL\u6587\u3067\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3092\u60aa\u7528\u3059\u308b\u3068\u3001\u672a\u8a8d\u8a3c\u306e\u30e6\u30fc\u30b6\u30fc\u304cSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124582\" aria-describedby=\"caption-attachment-124582\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124583 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-65.png\" alt=\"WordPress Perfect Survey\u30d7\u30e9\u30b0\u30a4\u30f3\u306eSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2021-24762)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"121\" \/><figcaption id=\"caption-attachment-124582\" class=\"wp-caption-text\">\u56f313. WordPress Perfect Survey\u30d7\u30e9\u30b0\u30a4\u30f3\u306eSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21662\">CVE-2022-21662<\/a><\/p>\n<p>WordPress\u30b3\u30a2\u306e\u7279\u6a29\u30ec\u30d9\u30eb\u306e\u4f4e\u3044\u8a8d\u8a3c\u6e08\u307f\u30e6\u30fc\u30b6\u30fc\u304c\u3001JavaScript\u3084\u683c\u7d0d\u578b\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u653b\u6483\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u9ad8\u3044\u7279\u6a29\u30ec\u30d9\u30eb\u306e\u30e6\u30fc\u30b6\u30fc\u306b\u3082\u5f71\u97ff\u3092\u4e0e\u3048\u3089\u308c\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124584\" aria-describedby=\"caption-attachment-124584\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124585 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-66.png\" alt=\"WordPress\u30b3\u30a2\u306e\u6295\u7a3f\u306e\u30b9\u30e9\u30c3\u30b0(slug)\u3092\u4ecb\u3057\u305f\u683c\u7d0d\u578b\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027(CVE-2022-21662)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"163\" \/><figcaption id=\"caption-attachment-124584\" class=\"wp-caption-text\">\u56f314 WordPress\u30b3\u30a2\u306e\u6295\u7a3f\u306e\u30b9\u30e9\u30c3\u30b0\u3092\u4ecb\u3057\u305f\u683c\u7d0d\u578b\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43711\">CVE-2021-43711<\/a>\u3001<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25075\">CVE-2022-25075<\/a><\/p>\n<p>TOTOLINK\u5185\u306e\u30d0\u30a4\u30ca\u30ea\u30d5\u30a1\u30a4\u30eb<span style=\"font-family: 'courier new', courier, monospace;\">downloadFlile.cgi<\/span>\u306b\u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">GET<\/span>\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u53d7\u4fe1\u3059\u308b\u3055\u3044\u306b\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306b\u5bfe\u3059\u308b\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u540d\u306f\u3001\u672a\u8a8d\u8a3c\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u7528\u306b\u69cb\u6210\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124586\" aria-describedby=\"caption-attachment-124586\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124587 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-67.png\" alt=\"TOTOLINK EX200\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2021-43711\u3068CVE-2022-25075)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"140\" \/><figcaption id=\"caption-attachment-124586\" class=\"wp-caption-text\">\u56f315. TOTOLINK EX200\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-25134\">CVE-2022-25134<\/a><\/p>\n<p>TOTOLINK Technology\u306e\u30eb\u30fc\u30bf\u306e\u6a5f\u80fd<span style=\"font-family: 'courier new', courier, monospace;\">setUpgradeFW<\/span>\u306b\u306f\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u653b\u6483\u8005\u306b\u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124588\" aria-describedby=\"caption-attachment-124588\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124589 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-68.png\" alt=\"TOTOLINK\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2022-25134)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"138\" \/><figcaption id=\"caption-attachment-124588\" class=\"wp-caption-text\">\u56f316. TOTOLINK\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-4045\">CVE-2021-4045<\/a><\/p>\n<p>TP-Link Tapo C200 IP \u30ab\u30e1\u30e9\u306f\u3001\u672a\u8a8d\u8a3c\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\u306b\u5f71\u97ff\u3092\u53d7\u3051\u308b\u304a\u305d\u308c\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067root\u6a29\u9650\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b<span style=\"font-family: 'courier new', courier, monospace;\">uhttpd<\/span>\u30d0\u30a4\u30ca\u30ea\u306b\u5b58\u5728\u3057\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u653b\u6483\u8005\u306f\u30ab\u30e1\u30e9\u3092\u5b8c\u5168\u306b\u81ea\u8eab\u306e\u5236\u5fa1\u4e0b\u306b\u304a\u304f\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124590\" aria-describedby=\"caption-attachment-124590\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124591 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-69.png\" alt=\"TP-Link Tapo C200\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027(CVE-2021-4045)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"94\" \/><figcaption id=\"caption-attachment-124590\" class=\"wp-caption-text\">\u56f317 TP-Link Tapo C200\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24260\">CVE-2022-24260<\/a><\/p>\n<p>VoIPmonitor GUI\u306b\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u653b\u6483\u8005\u304cAdministrator\u30ec\u30d9\u30eb\u306b\u7279\u6a29\u3092\u6607\u683c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124592\" aria-describedby=\"caption-attachment-124592\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124593 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-70.png\" alt=\"VoIPmonitor GUI\u306eSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2022-24260)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"204\" \/><figcaption id=\"caption-attachment-124592\" class=\"wp-caption-text\">\u56f318. VoIPmonitor GUI\u306bSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-21881\">CVE-2021-21881<\/a><\/p>\n<p>Lantronix PremierWave\u306eWeb Manager Wireless Network Scanner\u6a5f\u80fd\u306b\u306f\u3001OS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u307e\u3059\u3002\u7279\u5225\u306b\u7d30\u5de5\u3055\u308c\u305fHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308a\u307e\u3059\u3002\u653b\u6483\u8005\u306f\u8a8d\u8a3c\u6e08\u307fHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u884c\u3046\u3053\u3068\u3067\u3053\u306e\u8106\u5f31\u6027\u3092\u30c8\u30ea\u30ac\u30fc\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124594\" aria-describedby=\"caption-attachment-124594\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124595 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-71.png\" alt=\"Lantronix PremierWave 2050\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2021-21881)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"183\" \/><figcaption id=\"caption-attachment-124594\" class=\"wp-caption-text\">\u56f319 Lantronix PremierWave 2050\u306e\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21371\">CVE-2022-21371<\/a><\/p>\n<p>Oracle WebLogic Server\u306b\u306f\u5bb9\u6613\u306b\u60aa\u7528\u53ef\u80fd\u306a\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001HTTP\u7d4c\u7531\u3067\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u672a\u8a8d\u8a3c\u306e\u653b\u6483\u8005\u304cOracle WebLogic Server\u3092\u4fb5\u5bb3\u53ef\u80fd\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_124596\" aria-describedby=\"caption-attachment-124596\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124597 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-72.png\" alt=\"Oracle Weblogic Server\u306e\u30ed\u30fc\u30ab\u30eb \u30d5\u30a1\u30a4\u30eb \u30a4\u30f3\u30af\u30eb\u30fc\u30b8\u30e7\u30f3\u306e\u8106\u5f31\u6027(CVE-2022-21371)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"276\" \/><figcaption id=\"caption-attachment-124596\" class=\"wp-caption-text\">\u56f320 Oracle Weblogic Server\u306e\u30ed\u30fc\u30ab\u30eb \u30d5\u30a1\u30a4\u30eb \u30a4\u30f3\u30af\u30eb\u30fc\u30b8\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27226\">CVE-2022-27226<\/a><\/p>\n<p>iRZ Mobile Router\u306e<span style=\"font-family: 'courier new', courier, monospace;\">\/api\/crontab<\/span>\u306b\u306f\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea(CSRF)\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u3092\u60aa\u7528\u3059\u308b\u3068\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30eb\u30fc\u30bf\u30fc\u306e\u7ba1\u7406\u30d1\u30cd\u30eb\u306bcrontab\u30a8\u30f3\u30c8\u30ea\u3092\u4f5c\u6210\u3067\u304d\u307e\u3059\u3002cronjob\u306f\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306e\u5b9a\u7fa9\u3057\u305f\u9593\u9694\u3067\u5f53\u8a72\u30a8\u30f3\u30c8\u30ea\u3092\u5b9f\u884c\u3057\u3001\u3053\u308c\u304c\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u30c8\u30ea\u30ac\u30fc\u3057\u3066\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124598\" aria-describedby=\"caption-attachment-124598\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124599 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-73.png\" alt=\"iRZ Mobile Router\u306e\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea(CSRF)\u306e\u8106\u5f31\u6027(CVE-2022-27226)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"116\" \/><figcaption id=\"caption-attachment-124598\" class=\"wp-caption-text\">\u56f321. iRZ Mobile Router\u306e\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-29464\">CVE-2022-29464<\/a><\/p>\n<p>\u7279\u5b9a\u306eWSO2\u88fd\u54c1\u306b\u306f\u7121\u5236\u9650\u306b\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3092\u8a31\u53ef\u3059\u308b\u3068\u3044\u3046\u554f\u984c\u304c\u3042\u308a\u3001\u3053\u308c\u304c\u30ea\u30e2\u30fc\u30c8\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\u306b\u3064\u306a\u304c\u308a\u307e\u3059\u3002\u653b\u6483\u8005\u306f<span style=\"font-family: 'courier new', courier, monospace;\">Content-Disposition<\/span>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u30b7\u30fc\u30b1\u30f3\u30b9\u306b<span style=\"font-family: 'courier new', courier, monospace;\">\/fileupload<\/span>\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3092\u4f7f\u3044\u3001web\u30eb\u30fc\u30c8\u4e0b\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3001\u305f\u3068\u3048\u3070<span style=\"font-family: 'courier new', courier, monospace;\">..\/..\/..\/..\/repository\/deployment\/server\/webapps<\/span>\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u5230\u9054\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124600\" aria-describedby=\"caption-attachment-124600\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124601 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/word-image-74.png\" alt=\"WSO2\u88fd\u54c1\u306e\u4efb\u610f\u306e\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u8106\u5f31\u6027(CVE-2022-29464)\u3092\u8aac\u660e\u3059\u308b\u30b9\u30cb\u30da\u30c3\u30c8\" width=\"900\" height=\"441\" \/><figcaption id=\"caption-attachment-124600\" class=\"wp-caption-text\">\u56f322. WSO2\u88fd\u54c1\u306e\u4efb\u610f\u306e\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u8106\u5f31\u6027<\/figcaption><\/figure>\n<p>\u305d\u306e\u307b\u304b\u306e\u4eca\u671f\u30a2\u30af\u30c6\u30a3\u30d6\u306aCVE:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20167\">CVE-2021-20167<\/a>\u3001<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20166\">CVE-2021-20166<\/a>: Netgear RAX43\u306b\u304a\u3051\u308b\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-39226\">CVE-2021-39226<\/a>: Grafana Labs Grafana Snapshot\u306b\u304a\u3051\u308b\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28169\">CVE-2021-28169<\/a>: Eclipse Jetty\u306b\u304a\u3051\u308b\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-31589\">CVE-2021-31589<\/a>: BeyondTrust\u306b\u304a\u3051\u308b\u30ea\u30e2\u30fc\u30c8\u30b5\u30dd\u30fc\u30c8 \u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027<\/li>\n<\/ul>\n<h3><a id=\"post-124620-_7iu4f7lirct4\"><\/a>\u653b\u6483\u30ab\u30c6\u30b4\u30ea\u306e\u5206\u5e03<\/h3>\n<p>\u5404\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u3092\u30ab\u30c6\u30b4\u30ea\u5225\u306b\u5206\u985e\u3057\u3001\u60aa\u7528\u983b\u5ea6\u304c\u9ad8\u3044\u3082\u306e\u304b\u3089\u9806\u306b\u30e9\u30f3\u30ad\u30f3\u30b0\u3057\u307e\u3057\u305f\u3002\u4eca\u56de\u5bfe\u8c61\u3068\u3057\u305f\u671f\u9593\u3067\u306f\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c(RCE)\u304c1\u4f4d\u3001\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u653b\u6483\u304c2\u4f4d\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u8005\u306f\u4e00\u822c\u306b\u3001\u6a19\u7684\u306e\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u6700\u5927\u9650\u60c5\u5831\u3092\u5f97\u3066\u3001\u53ef\u80fd\u306a\u9650\u308a\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u3057\u305f\u3044\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u3002\u60c5\u5831\u6f0f\u3048\u3044\u653b\u6483\u306f\u4eca\u56db\u534a\u671f\u306f\u6e1b\u5c11\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<figure id=\"attachment_124602\" aria-describedby=\"caption-attachment-124602\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124603 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-18-ja.png\" alt=\"\u3053\u3053\u3067\u306f\u8d64\u304c\u300c\u7dca\u6025\u300d\u3001\u9ec4\u304c\u300c\u9ad8\u300d\u3001\u9752\u304c\u300c\u4e2d\u300d\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u30ab\u30c6\u30b4\u30ea(\u60aa\u7528\u983b\u5ea6\u304c\u9ad8\u3044\u3082\u306e\u304b\u3089\u9806\u306b): \u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3001\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u3001\u60c5\u5831\u6f0f\u3048\u3044\u3001\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0(XSS)\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u30e1\u30e2\u30ea\u7834\u640d\u3001\u4e0d\u9069\u5207\u306a\u8a8d\u8a3c\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3001\u7279\u6a29\u6607\u683c\u3002 \" width=\"900\" height=\"411\" \/><figcaption id=\"caption-attachment-124602\" class=\"wp-caption-text\">\u56f323. 2022\u5e742\u6708\uff5e4\u6708\u306e\u653b\u6483\u30ab\u30c6\u30b4\u30ea\u5206\u5e03<\/figcaption><\/figure>\n<h3><a id=\"post-124620-_are6is6g7zms\"><\/a>\u653b\u6483\u306e\u8d77\u70b9<\/h3>\n<p>\u5404\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u8d77\u70b9\u3068\u306a\u3063\u305f\u5730\u57df\u3092\u7279\u5b9a\u3057\u305f\u3068\u3053\u308d\u3001\u7c73\u56fd\u304b\u3089\u306e\u767a\u4fe1\u304c\u5927\u534a\u3067\u3001\u6b21\u3044\u3067\u30c9\u30a4\u30c4\u3001\u30ed\u30b7\u30a2\u3068\u306a\u3063\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002\u305f\u3060\u3057\u653b\u6483\u8005\u306f\u305d\u308c\u3089\u306e\u56fd\u306b\u8a2d\u7f6e\u3055\u308c\u305f\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u30fc\u3084VPN\u3092\u5229\u7528\u3057\u3001\u5b9f\u969b\u306e\u7269\u7406\u7684\u306a\u5834\u6240\u3092\u96a0\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3053\u3068\u3082\u79c1\u305f\u3061\u306f\u8a8d\u8b58\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_124604\" aria-describedby=\"caption-attachment-124604\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124605 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-19-ja.png\" alt=\"2022\u5e742\u6708\uff5e4\u6708\u306b\u89b3\u6e2c\u3055\u308c\u305f\u653b\u6483\u8d77\u70b9\u3092\u983b\u5ea6\u9806\u306b\u30e9\u30f3\u30ad\u30f3\u30b0\u3057\u305f\u3082\u306e\u7c73\u56fd74.1%\u3001\u30c9\u30a4\u30c44.2%\u3001\u30ed\u30b7\u30a22.8%\u3001\u30a2\u30a4\u30eb\u30e9\u30f3\u30c91.6%\u3001\u30aa\u30e9\u30f3\u30c01.5%\u3001\u30d5\u30e9\u30f3\u30b91.4%\u3001\u4e2d\u56fd1.3%\u3001\u30ab\u30ca\u30c01.1%\u3001\u305d\u306e\u4ed611.1%\" width=\"900\" height=\"557\" \/><figcaption id=\"caption-attachment-124604\" class=\"wp-caption-text\">\u56f324. 2022\u5e742\u6708\uff5e4\u6708\u306b\u89b3\u6e2c\u3055\u308c\u305f\u653b\u6483\u8d77\u70b9\u3092\u983b\u5ea6\u9806\u306b\u30e9\u30f3\u30ad\u30f3\u30b0\u3057\u305f\u3082\u306e<\/figcaption><\/figure>\n<figure id=\"attachment_124606\" aria-describedby=\"caption-attachment-124606\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-124607 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/08\/chart-20.png\" alt=\"\u653b\u6483\u8d77\u70b9\u3068\u60f3\u5b9a\u3055\u308c\u308b\u5834\u6240\u3092\u793a\u3059\u30d2\u30fc\u30c8\u30de\u30c3\u30d7\u7c73\u56fd\u304c\u6700\u3082\u8d64\u304c\u6fc3\u304f\u3001\u6b21\u3044\u3067\u30c9\u30a4\u30c4\u3001\u30ed\u30b7\u30a2\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\" width=\"900\" height=\"556\" \/><figcaption id=\"caption-attachment-124606\" class=\"wp-caption-text\">\u56f325. 2022\u5e742\u6708\uff5e4\u6708\u306e\u653b\u6483\u8d77\u70b9\u306e\u30b8\u30aa\u30ed\u30b1\u30fc\u30b7\u30e7\u30f3\u5206\u5e03<\/figcaption><\/figure>\n<h2><a id=\"post-124620-_2an8ryq91inv\"><\/a><strong>\u7d50\u8ad6<\/strong><\/h2>\n<p>2022\u5e742\u6708\uff5e4\u6708\u306b\u516c\u958b\u3055\u308c\u305f\u8106\u5f31\u6027\u3092\u78ba\u8a8d\u3059\u308b\u3068\u3001Web\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u4f9d\u7136\u3068\u3057\u3066\u4eba\u6c17\u306e\u3042\u308b\u653b\u6483\u5bfe\u8c61\u3067\u3001\u300c\u7dca\u6025\u300d\u306e\u8106\u5f31\u6027\u306b\u306fPoC\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002\u305d\u308c\u3068\u540c\u6642\u306b\u3001\u65b0\u305f\u306b\u516c\u958b\u3055\u308c\u308b\u8106\u5f31\u6027\u304c\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u69d8\u5b50\u3082\u7d99\u7d9a\u7684\u306b\u6355\u6349\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u3053\u3068\u304b\u3089\u3082\u3001\u7d44\u7e54\u304c\u8fc5\u901f\u306b\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u5b9f\u88c5\u3059\u308b\u5fc5\u8981\u6027\u304c\u5f37\u8abf\u3055\u308c\u307e\u3059\u3002\u653b\u6483\u8005\u305f\u3061\u306f\u4e00\u81f4\u56e3\u7d50\u3057\u3001\u3059\u304d\u3042\u3089\u3070\u624b\u6301\u3061\u5175\u5668\u3092\u5897\u5f37\u3059\u308b\u6a5f\u4f1a\u3092\u4f3a\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u5fd8\u308c\u3066\u306f\u3044\u3051\u307e\u305b\u3093\u3002<\/p>\n<p>\u30b5\u30a4\u30d0\u30fc\u72af\u7f6a\u8005\u304c\u60aa\u610f\u306e\u3042\u308b\u6d3b\u52d5\u3092\u505c\u6b62\u3059\u308b\u3053\u3068\u306f\u6c7a\u3057\u3066\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a>\u3084<a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/subscriptions\/threat-prevention\">\u8105\u5a01\u9632\u5fa1<\/a>\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/wildfire\">WildFire<\/a>\u3001<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/advanced-url-filtering\">Advanced URL Filtering<\/a>\u306a\u3069\u306e<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/security-subscriptions\">\u30af\u30e9\u30a6\u30c9\u578b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b5\u30fc\u30d3\u30b9<\/a>\u3001\u304a\u3088\u3073<a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xdr\">Cortex XDR<\/a>\u3092\u901a\u3058\u3066\u3001\u672c\u7a3f\u3067\u53d6\u308a\u4e0a\u3052\u305f\u8106\u5f31\u6027\u304b\u3089\u306e\u4fdd\u8b77\u3092\u53d7\u3051\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u81ea\u7d44\u7e54\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u5bfe\u3059\u308b\u30ea\u30b9\u30af\u3092\u3055\u3089\u306b\u7de9\u548c\u3059\u308b\u305f\u3081\u3001\u4ee5\u4e0b\u3092\u691c\u8a0e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/services\/bpa\">Best Practice Assessment (\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u8a55\u4fa1) <\/a>\u3092\u5b9f\u884c\u3057\u3001\u3088\u308a\u3088\u3044\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u614b\u52e2\u306e\u305f\u3081\u306b\u5909\u66f4\u3059\u3079\u304d\u8a2d\u5b9a\u304c\u306a\u3044\u304b\u3069\u3046\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/cortex\/security-lifecycle-review\/security-lifecycle-review-getting-started\">Security Lifecycle Review(\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e9\u30a4\u30d5\u30b5\u30a4\u30af\u30eb\u8a55\u4fa1)<\/a>\u3092\u5b9f\u884c\u3057\u3066\u3001\u81ea\u7d44\u7e54\u306b\u3068\u3063\u3066\u6700\u5927\u306e\u8105\u5a01\u3092\u7d71\u5408\u7684\u306b\u628a\u63e1\u3057\u3001\u305d\u308c\u3089\u3092\u9632\u6b62\u3059\u308b\u305f\u3081\u306e\u5bfe\u7b56\u304c\u8b1b\u3058\u3089\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n<li>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092\u7d99\u7d9a\u7684\u306b<a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/subscriptions\/threat-prevention\">\u8105\u5a01\u9632\u5fa1<\/a>\u30b3\u30f3\u30c6\u30f3\u30c4(\u4f8b: \u30d0\u30fc\u30b8\u30e7\u30f38607\u307e\u305f\u306f\u305d\u308c\u4ee5\u964d) \u3067\u66f4\u65b0\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<h2><a id=\"post-124620-_570cbe1pdhwx\"><\/a><strong>\u8ffd\u52a0\u30ea\u30bd\u30fc\u30b9<\/strong><\/h2>\n<ul>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/network-threat-trends-research-report\/\">\u30d1\u30c3\u30c1\u306e\u9069\u7528\u304c\u63a8\u5968\u3055\u308c\u308b\u4e0a\u4f4dCVE: \u300cUnit 42 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8105\u5a01\u52d5\u5411\u8abf\u67fb\u30ec\u30dd\u30fc\u30c82022\u5e74\u7248\u300d\u304b\u3089\u306e\u6d1e\u5bdf<\/a><\/li>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/network-security-trends-cross-site-scripting\/\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2021\u5e7411\u6708\u301c2022\u5e741\u6708<\/a><\/li>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/network-attacks-trends-august-october-2021\/\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2021\u5e748\u6708\uff5e10\u6708<\/a><\/li>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/network-security-trends\/\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2021\u5e745\u6708\uff5e7\u6708<\/a><\/li>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/network-attack-trends-february-april-2021\/\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u52d5\u5411: 2021\u5e742\u6708\u301c4\u6708<\/a><\/li>\n<\/ul>\n<p><em>2022-09-07 10:00 JST \u82f1\u8a9e\u7248\u66f4\u65b0\u65e5 2022-09-02 12:30 PDT \u306e\u5185\u5bb9\u3092\u53cd\u6620\u3002\u8aa4\u3063\u3066\u63b2\u8f09\u3055\u308c\u3066\u3044\u305fCVE (CVE-2021-38406\u3001CVE-2022-23253)\u3092\u524a\u9664\u3057\u307e\u3057\u305f\u3002<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 \u6700\u8fd1\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u5229\u7528\u52d5\u5411\u3092\u89b3\u6e2c\u3057\u305f\u7d50\u679c\u3001\u3055\u307e\u3056\u307e\u306a\u8106\u5f31\u6027\u306e\u306a\u304b\u3067\u3082VMware ONE Access\u3001Identity Manager\u3001Spring Cloud Function\u3001Spring MVC\u3001Spri<\/p>\n","protected":false},"author":332,"featured_media":134416,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4469,4430,4470],"tags":[5157,5473,5475,5477,5479,5481,5483,5485,5487,5489,5491,5493,5495,5497,5499,5501,5503,5505,5507,5509,5511,5513,5515,5516,5179,5181],"product_categories":[4346,4442,4443,4444,4446,4448,4456],"coauthors":[1725],"class_list":["post-124620","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","category-trend-reports-ja","category-vulnerabilities-ja","tag-attack-analysis-ja","tag-cve-2021-20166-ja","tag-cve-2021-20167-ja","tag-cve-2021-21881-ja","tag-cve-2021-24762-ja","tag-cve-2021-28169-ja","tag-cve-2021-31589-ja","tag-cve-2021-39226-ja","tag-cve-2021-4045-ja","tag-cve-2021-43711-ja","tag-cve-2022-21371-ja","tag-cve-2022-21662-ja","tag-cve-2022-22536-ja","tag-cve-2022-22947-ja","tag-cve-2022-22954-ja","tag-cve-2022-22963-ja","tag-cve-2022-22965-ja","tag-cve-2022-24112-ja","tag-cve-2022-24260-ja","tag-cve-2022-25060-ja","tag-cve-2022-25075-ja","tag-cve-2022-25134-ja","tag-cve-2022-27226-ja","tag-cve-2022-29464","tag-exploit-in-the-wild-ja","tag-network-security-trends-ja","product_categories-advanced-threat-prevention","product_categories-advanced-threat-prevention-ja","product_categories-advanced-url-filtering-ja","product_categories-advanced-wildfire-ja","product_categories-cloud-delivered-security-services-ja","product_categories-cortex-xdr-ja","product_categories-next-generation-firewall-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069<\/title>\n<meta name=\"description\" content=\"2022\u5e742\u6708\u304b\u30894\u6708\u306e\u56db\u534a\u671f\u306bUnit 42\u304c\u89b3\u6e2c\u3057\u305f\u60aa\u7528\u983b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3001\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u30c6\u30af\u30cb\u30c3\u30af\u3084\u8106\u5f31\u6027\u306e\u7a2e\u985e\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u50be\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069\" \/>\n<meta property=\"og:description\" content=\"2022\u5e742\u6708\u304b\u30894\u6708\u306e\u56db\u534a\u671f\u306bUnit 42\u304c\u89b3\u6e2c\u3057\u305f\u60aa\u7528\u983b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3001\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u30c6\u30af\u30cb\u30c3\u30af\u3084\u8106\u5f31\u6027\u306e\u7a2e\u985e\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u50be\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-22T06:32:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-07T01:12:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Yue Guan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069","description":"2022\u5e742\u6708\u304b\u30894\u6708\u306e\u56db\u534a\u671f\u306bUnit 42\u304c\u89b3\u6e2c\u3057\u305f\u60aa\u7528\u983b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3001\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u30c6\u30af\u30cb\u30c3\u30af\u3084\u8106\u5f31\u6027\u306e\u7a2e\u985e\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u50be\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/","og_locale":"ja_JP","og_type":"article","og_title":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069","og_description":"2022\u5e742\u6708\u304b\u30894\u6708\u306e\u56db\u534a\u671f\u306bUnit 42\u304c\u89b3\u6e2c\u3057\u305f\u60aa\u7528\u983b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3001\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u30c6\u30af\u30cb\u30c3\u30af\u3084\u8106\u5f31\u6027\u306e\u7a2e\u985e\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u50be\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/","og_site_name":"Unit 42","article_published_time":"2022-08-22T06:32:58+00:00","article_modified_time":"2022-09-07T01:12:22+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg","type":"image\/jpeg"}],"author":"Yue Guan","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/"},"author":{"name":"Yue Guan","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/c4ea1ea434f2bb940596f13000471495"},"headline":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069","datePublished":"2022-08-22T06:32:58+00:00","dateModified":"2022-09-07T01:12:22+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/"},"wordCount":543,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg","keywords":["attack analysis","CVE-2021-20166","CVE-2021-20167","CVE-2021-21881","CVE-2021-24762","CVE-2021-28169","CVE-2021-31589","CVE-2021-39226","CVE-2021-4045","CVE-2021-43711","CVE-2022-21371","CVE-2022-21662","CVE-2022-22536","CVE-2022-22947","CVE-2022-22954","CVE-2022-22963","CVE-2022-22965","CVE-2022-24112","CVE-2022-24260","CVE-2022-25060","CVE-2022-25075","CVE-2022-25134","CVE-2022-27226","CVE-2022-29464","exploit in the wild","network security trends"],"articleSection":["Vulnerabilities","\u30c8\u30ec\u30f3\u30c9 \u30ec\u30dd\u30fc\u30c8","\u8106\u5f31\u6027"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/","name":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg","datePublished":"2022-08-22T06:32:58+00:00","dateModified":"2022-09-07T01:12:22+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/c4ea1ea434f2bb940596f13000471495"},"description":"2022\u5e742\u6708\u304b\u30894\u6708\u306e\u56db\u534a\u671f\u306bUnit 42\u304c\u89b3\u6e2c\u3057\u305f\u60aa\u7528\u983b\u5ea6\u306e\u9ad8\u3044\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3001\u3088\u304f\u4f7f\u308f\u308c\u3066\u3044\u308b\u30c6\u30af\u30cb\u30c3\u30af\u3084\u8106\u5f31\u6027\u306e\u7a2e\u985e\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u653b\u6483\u306e\u50be\u5411\u3092\u307e\u3068\u3081\u307e\u3057\u305f\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/05_Vulnerabilities_1920x900.jpg","width":1920,"height":900,"caption":"Close-up side profile of a Black woman wearing glasses, focused intently on something out of frame."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/recent-exploits-network-security-trends\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u52d5\u5411: 2022\u5e742\u6708\u301c4\u6708 \u5b9f\u969b\u306e\u60aa\u7528\u304c\u89b3\u6e2c\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3084\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306a\u3069"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/c4ea1ea434f2bb940596f13000471495","name":"Yue Guan","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Yue Guan"},"url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/yue-guan\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/124620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/332"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=124620"}],"version-history":[{"count":12,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/124620\/revisions"}],"predecessor-version":[{"id":124900,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/124620\/revisions\/124900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/134416"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=124620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=124620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=124620"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=124620"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=124620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}