Asset Detail

Investigate what’s vulnerable, why it matters, and the safest path to remediation.
Asset ID: AST-009217 · Owner: FinOps · Exposure: Internet-facing (restricted)

Summary

Key facts + risk score factors
Risk Score: 81 · Last scan: 34m · EDR agent: online
Business service: Payments API
Runtime: Ubuntu 22.04 · OpenJDK 17
Ownership
  • Team: FinOps
  • Primary: finops-oncall
  • Escalation: sec-eng@patchpulse.example
Criticality: Tier 0 · PCI scope
Risk factors
Score drivers: Crit 28 · Chatter 22 · Exposure 18 · Patch 13

Vulnerabilities

Detected on pay-api-17.prod.internal
Patch status: 2 pending
CVE | Package / Component | Detected | Fixed | Severity | Exploit signal | Patch status | Recommended action
CVE-2024-3094 | xz-libs / liblzma | 5.6.0 | 5.4.6 (vendor) | Critical | KEV + PoC | Pending |
CVE-2023-44487 | nginx / HTTP/2 | 1.22.1 | 1.24.0+ | High | Trending | Mitigate |
CVE-2024-21626 | runc | 1.1.10 | 1.1.12 | High | Low | Not applicable |
Proof of detection (CVE-2024-3094)
Plugin: Nessus #190856 · Output: "Detected liblzma.so.5.6.0 linked via openssh-server"
Affected paths
  • /usr/lib/x86_64-linux-gnu/liblzma.so.5
  • /usr/sbin/sshd (linked)

Exploit Signals

Correlation across advisories, social chatter, and exploit repos
Confidence 0.86
Sources
  • CISA KEV (Listed): First seen: Dec 10 · Last seen: Dec 11
  • Exploit repo mentions (Medium): PoC referenced; no reliable weaponized chain observed
  • Vendor advisory (Verified): Ubuntu USN + upstream notes
Excerpt feed
  • Advisory excerpt: "CVE-2024-3094 impacts xz 5.6.x; downgrade to 5.4.x recommended."
  • Repo excerpt: "Detection scripts validate sshd linkage to liblzma on affected distros."
  • Social excerpt: "Broad scanning for backdoored xz packages observed in the wild."

Changes

Recent deployments and config changes (mocked)
  • Deploy · 2025-12-10 21:32Z · payments-api:v2.18.4 → v2.18.5 (CI/CD)
  • Package update · 2025-12-09 03:11Z · openssh-server security update applied (OK)
  • Firewall · 2025-12-07 16:40Z · allowlist updated for partner IP range (Reviewed)

Controls

Compensating controls and validation checks (mocked)
Network
  • Inbound SSH restricted to bastion subnet
  • WAF in front of public endpoints
Host
  • EDR prevention enabled (Prod-Servers)
  • File integrity monitoring: /usr/sbin