regscale-cli 6.20.5.0__py3-none-any.whl → 6.20.7.0__py3-none-any.whl

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,144 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.07.10",
-    "dateReleased": "2025-07-10T16:05:09.522Z",
-    "count": 1379,
+    "catalogVersion": "2025.07.22",
+    "dateReleased": "2025-07-22T17:01:26.7198Z",
+    "count": 1388,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-2775",
+            "vendorProject": "SysAid",
+            "product": "SysAid On-Prem",
+            "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.sysaid.com\/docs\/24-40-60 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2775",
+            "cwes": [
+                "CWE-611"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-2776",
+            "vendorProject": "SysAid",
+            "product": "SysAid On-Prem",
+            "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.sysaid.com\/docs\/24-40-60 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2776",
+            "cwes": [
+                "CWE-611"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6558",
+            "vendorProject": "Google",
+            "product": "Chromium",
+            "vulnerabilityName": "Google Chromium ANGLE and GPU Improper Input Validation Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/07\/stable-channel-update-for-desktop_15.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6558",
+            "cwes": [
+                "CWE-20"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54309",
+            "vendorProject": "CrushFTP",
+            "product": "CrushFTP",
+            "vulnerabilityName": " CrushFTP Unprotected Alternate Channel Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=CompromiseJuly2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54309 ",
+            "cwes": [
+                "CWE-420"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-49704",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Code Injection Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.",
+            "requiredAction": "CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49704",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-49706",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.",
+            "requiredAction": "CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49706",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-53770",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-07-20",
+            "shortDescription": "Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.",
+            "requiredAction": "CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.  ",
+            "dueDate": "2025-07-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-25257",
+            "vendorProject": "Fortinet",
+            "product": "FortiWeb",
+            "vulnerabilityName": "Fortinet FortiWeb SQL Injection Vulnerability",
+            "dateAdded": "2025-07-18",
+            "shortDescription": "Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-151 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-25257",
+            "cwes": [
+                "CWE-89"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-47812",
+            "vendorProject": "Wing FTP Server",
+            "product": "Wing FTP Server",
+            "vulnerabilityName": "Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability",
+            "dateAdded": "2025-07-14",
+            "shortDescription": "Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default).",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.wftpserver.com\/serverhistory.htm ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47812",
+            "cwes": [
+                "CWE-158"
+            ]
+        },
         {
             "cveID": "CVE-2025-5777",
             "vendorProject": "Citrix",
@@ -150,7 +285,7 @@
             "shortDescription": "Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. ",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-16",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/fortiguard.com\/advisory\/FG-IR-19-007 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-6693",
             "cwes": [
                 "CWE-798"
@@ -18491,7 +18626,7 @@
             "shortDescription": "Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-05-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0708",
             "cwes": [
                 "CWE-416"

regscale/models/integration_models/flat_file_importer/__init__.py

@@ -391,11 +391,10 @@ class FlatFileImporter(ABC):
             # Skip lines until the start line is reached
             for _ in range(start_line_number):
                 next(file)
-            if file.name.endswith(".csv"):
+            if file.name.endswith((".csv", ".xlsx")):
+                # Use the validater data for CSV and XLSX files to ensure proper mapping validation
                 data = self.validater.data.to_dict("records")
                 header = list(self.validater.parsed_headers)
-            elif file.name.endswith(".xlsx"):
-                data, header = self.convert_xlsx_to_dict(file, start_line_number)
             elif file.name.endswith(".json"):
                 try:
                     # Filter possible null values

regscale/models/integration_models/qualys.py

@@ -7,10 +7,12 @@ import logging
 
 # pylint: disable=C0415
 import re
+from calendar import firstweekday
 from datetime import datetime
 from typing import Any, Iterator, Optional, TypeVar, TextIO, Union
 
 from openpyxl.reader.excel import load_workbook
+from pandas import Timestamp
 
 from regscale.core.app import create_logger
 from regscale.core.app.application import Application
@@ -124,12 +126,27 @@ class Qualys(FlatFileImporter):
             }
         )
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> None:
+    def _convert_datetime_to_str(self, input_date: Union[Timestamp, datetime]) -> str:
+        """
+        Convert a datetime or Timestamp object to a string in the specified format.
+
+        :param Union[Timestamp, datetime] input_date: The date to convert.
+        :return: The date as a string in the format '%Y-%m-%d %H:%M:%S'.
+        :rtype: str
+        """
+        if isinstance(input_date, Timestamp):
+            input_date = input_date.to_pydatetime()
+        elif isinstance(input_date, str):
+            return input_date
+        return input_date.strftime(self.dt_format)
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
         """
         Create a vuln from a row in the Qualys file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :rtype: None
+        :return: RegScale Vulnerability object or None
+        :rtype: Optional[Vulnerability]
         """
         from regscale.integrations.commercial.qualys import map_qualys_severity_to_regscale
 
@@ -145,6 +162,9 @@ class Qualys(FlatFileImporter):
         config = self.attributes.app.config
         asset_match = [asset for asset in self.data["assets"] if asset.name == dns]
         asset = asset_match[0] if asset_match else None
+        last_seen = self._convert_datetime_to_str(self.mapping.get_value(dat, "Last Detected"))
+        first_seen = self._convert_datetime_to_str(self.mapping.get_value(dat, "First Detected"))
+
         if dat and asset_match:
             regscale_vuln = Vulnerability(
                 id=0,
@@ -152,8 +172,8 @@ class Qualys(FlatFileImporter):
                 parentId=asset.id,
                 parentModule="assets",
                 ipAddress=self.mapping.get_value(dat, IP),
-                lastSeen=self.mapping.get_value(dat, "Last Detected"),
-                firstSeen=self.mapping.get_value(dat, "First Detected"),
+                lastSeen=last_seen,
+                firstSeen=first_seen,
                 daysOpen=None,
                 dns=self.mapping.get_value(dat, DNS, other_id),
                 mitigated=None,