regscale-cli 6.20.6.0__py3-none-any.whl → 6.20.8.0__py3-none-any.whl

regscale/integrations/commercial/synqly/ticketing.py

@@ -52,13 +52,6 @@ def sync_freshdesk(regscale_id: int, regscale_module: str, name: str, subject: s
 @ticketing.command(name="sync_jira")
 @regscale_id()
 @regscale_module()
-@click.option(
-    "--issue_type",
-    type=click.STRING,
-    help="jira issue type",
-    required=True,
-    prompt="jira issue type",
-)
 @click.option(
     "--project",
     type=click.STRING,
@@ -66,6 +59,12 @@ def sync_freshdesk(regscale_id: int, regscale_module: str, name: str, subject: s
     required=True,
     prompt="jira project",
 )
+@click.option(
+    "--default_issue_type",
+    type=click.STRING,
+    help="Default Issue Type for the integration. If provided, the issue_type field becomes optional in ticket creation requests.",
+    required=False,
+)
 @click.option(
     "--default_project",
     type=click.STRING,
@@ -80,7 +79,12 @@ def sync_freshdesk(regscale_id: int, regscale_module: str, name: str, subject: s
     default=True,
 )
 def sync_jira(
-    regscale_id: int, regscale_module: str, issue_type: str, project: str, default_project: str, sync_attachments: bool
+    regscale_id: int,
+    regscale_module: str,
+    project: str,
+    default_issue_type: str,
+    default_project: str,
+    sync_attachments: bool,
 ) -> None:
     """Sync Ticketing data between Jira and RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Ticketing
@@ -89,8 +93,8 @@ def sync_jira(
     ticketing_jira.run_sync(
         regscale_id=regscale_id,
         regscale_module=regscale_module,
-        issue_type=issue_type,
         project=project,
+        default_issue_type=default_issue_type,
         default_project=default_project,
         sync_attachments=sync_attachments,
     )
@@ -157,12 +161,20 @@ def sync_servicenow(regscale_id: int, regscale_module: str, issue_type: str, def
     required=True,
     prompt="servicenow_sir issue type",
 )
-def sync_servicenow_sir(regscale_id: int, regscale_module: str, issue_type: str) -> None:
+@click.option(
+    "--default_project",
+    type=click.STRING,
+    help="Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Security Incident table. Defaults to the security incident table if not specified.",
+    required=False,
+)
+def sync_servicenow_sir(regscale_id: int, regscale_module: str, issue_type: str, default_project: str) -> None:
     """Sync Ticketing data between Servicenow Sir and RegScale."""
     from regscale.models.integration_models.synqly_models.connectors import Ticketing
 
     ticketing_servicenow_sir = Ticketing("servicenow_sir")
-    ticketing_servicenow_sir.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, issue_type=issue_type)
+    ticketing_servicenow_sir.run_sync(
+        regscale_id=regscale_id, regscale_module=regscale_module, issue_type=issue_type, default_project=default_project
+    )
 
 
 @ticketing.command(name="sync_torq")

regscale/integrations/commercial/veracode.py

@@ -28,10 +28,12 @@ FlatFileImporter.show_mapping(
     message="File path to the folder containing Veracode .xlsx files to process to RegScale.",
     prompt="File path for Veracode files",
     import_name="veracode",
+    support_component=True,
 )
 def import_veracode(
     folder_path: PathLike[str],
     regscale_ssp_id: int,
+    component_id: int,
     scan_date: datetime,
     mappings_path: Path,
     disable_mapping: bool,
@@ -43,9 +45,15 @@ def import_veracode(
     """
     Import scans, vulnerabilities and assets to RegScale from Veracode export files
     """
+    if not regscale_ssp_id and not component_id:
+        raise click.UsageError(
+            "You must provide either a --regscale_ssp_id or a --component_id to import Veracode scans."
+        )
+
     import_veracode_data(
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=component_id if component_id else regscale_ssp_id,
+        is_component=bool(component_id),
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,
@@ -58,7 +66,7 @@ def import_veracode(
 
 def import_veracode_data(
     folder_path: PathLike[str],
-    regscale_ssp_id: int,
+    object_id: int,
     scan_date: datetime,
     mappings_path: Path,
     s3_bucket: str,
@@ -66,11 +74,13 @@ def import_veracode_data(
     aws_profile: str,
     disable_mapping: Optional[bool] = False,
     upload_file: Optional[bool] = True,
+    is_component: Optional[bool] = False,
 ) -> None:
     """Import scans, vulnerabilities and assets to RegScale from Veracode export files"
 
     :param os.PathLike[str] folder_path: Path to the folder containing Veracode files
-    :param int regscale_ssp_id: RegScale SSP ID
+    :param int object_id: RegScale SSP ID or Component ID
+    :param bool is_component: Whether object_id is a component or not
     :param datetime scan_date: Scan date
     :param os.PathLike[str] mappings_path: Path to the header mapping file
     :param str s3_bucket: S3 bucket to download the files from
@@ -85,7 +95,7 @@ def import_veracode_data(
         import_name="Veracode",
         file_types=[".xml", ".xlsx", ".json"],
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=object_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,
@@ -93,4 +103,5 @@ def import_veracode_data(
         s3_prefix=s3_prefix,
         aws_profile=aws_profile,
         upload_file=upload_file,
+        is_component=is_component,
     )

regscale/integrations/commercial/xray.py

@@ -80,7 +80,7 @@ def import_xray_files(
         import_name="XRay",
         file_types=".json",
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/public/cisa.py

@@ -171,7 +171,13 @@ def parse_html(page_url: str, app: Application) -> list:
         control["items"] = len(articles)
         control["page"] += 1
         # check if max threads <= 20 to prevent IP ban from CISA
-        max_threads = min(app.config["maxThreads"], 20)
+        max_threads_config = app.config.get("maxThreads", 100)
+        if not isinstance(max_threads_config, int):
+            try:
+                max_threads_config = int(max_threads_config)
+            except (ValueError, TypeError):
+                max_threads_config = 100
+        max_threads = min(max_threads_config, 20)
         with ThreadPoolExecutor(max_workers=max_threads) as executor:
             futures = []
             for link in control["links"]:

regscale/integrations/public/nist_catalog.py

@@ -67,8 +67,14 @@ def sort_controls_by_id(catalog_id: int) -> None:
     api = Api()
     config = app.config
     # update api limits depending on maxThreads
-    api.pool_connections = max(api.pool_connections, config["maxThreads"])
-    api.pool_maxsize = max(api.pool_maxsize, config["maxThreads"])
+    max_threads = config.get("maxThreads", 100)
+    if not isinstance(max_threads, int):
+        try:
+            max_threads = int(max_threads)
+        except (ValueError, TypeError):
+            max_threads = 100
+    api.pool_connections = max(api.pool_connections, max_threads)
+    api.pool_maxsize = max(api.pool_maxsize, max_threads)
     security_control_count: int = 0
 
     # get all controls by catalog

regscale/integrations/scanner_integration.py

@@ -638,6 +638,9 @@ class ScannerIntegration(ABC):
         self.is_component: bool = is_component
         if self.is_component:
             self.component = regscale_models.Component.get_object(self.plan_id)
+            self.parent_module: str = regscale_models.Component.get_module_string()
+        else:
+            self.parent_module: str = regscale_models.SecurityPlan.get_module_string()
         self.components: ThreadSafeList[Any] = ThreadSafeList()
         self.asset_map_by_identifier: ThreadSafeDict[str, regscale_models.Asset] = ThreadSafeDict()
         self.software_to_create: ThreadSafeList[regscale_models.SoftwareInventory] = ThreadSafeList()
@@ -655,16 +658,17 @@ class ScannerIntegration(ABC):
         self.implementation_option_map: ThreadSafeDict[str, int] = ThreadSafeDict()
         self.control_implementation_map: ThreadSafeDict[int, regscale_models.ControlImplementation] = ThreadSafeDict()
 
-        self.control_implementation_id_map = regscale_models.ControlImplementation.get_control_label_map_by_plan(
-            plan_id=plan_id
+        self.control_implementation_id_map = regscale_models.ControlImplementation.get_control_label_map_by_parent(
+            parent_id=self.plan_id, parent_module=self.parent_module
         )
         self.control_map = {v: k for k, v in self.control_implementation_id_map.items()}
         self.existing_issue_ids_by_implementation_map = regscale_models.Issue.get_open_issues_ids_by_implementation_id(
-            plan_id=plan_id
+            plan_id=self.plan_id, is_component=self.is_component
         )  # GraphQL Call
-        self.control_id_to_implementation_map = regscale_models.ControlImplementation.get_control_id_map_by_plan(
-            plan_id=plan_id
+        self.control_id_to_implementation_map = regscale_models.ControlImplementation.get_control_id_map_by_parent(
+            parent_id=self.plan_id, parent_module=self.parent_module
         )
+
         self.cci_to_control_map: ThreadSafeDict[str, set[int]] = ThreadSafeDict()
         self._no_ccis: bool = False
         self.cci_to_control_map_lock: threading.Lock = threading.Lock()
@@ -800,11 +804,7 @@ class ScannerIntegration(ABC):
                 getattr(x, self.asset_identifier_field): x
                 for x in regscale_models.Asset.get_all_by_parent(
                     parent_id=self.plan_id,
-                    parent_module=(
-                        regscale_models.Component.get_module_string()
-                        if self.is_component
-                        else regscale_models.SecurityPlan.get_module_string()
-                    ),
+                    parent_module=self.parent_module,
                 )
             }
 
@@ -817,7 +817,7 @@ class ScannerIntegration(ABC):
         """
         all_issues = regscale_models.Issue.get_all_by_parent(
             parent_id=self.plan_id,
-            parent_module=regscale_models.SecurityPlan.get_module_string(),
+            parent_module=self.parent_module,
         )
         return {issue.integrationFindingId: issue for issue in all_issues}
 
@@ -1094,11 +1094,7 @@ class ScannerIntegration(ABC):
             otherTrackingNumber=asset.other_tracking_number or asset.identifier,
             assetOwnerId=asset.asset_owner_id or "Unknown",
             parentId=component.id if component else self.plan_id,
-            parentModule=(
-                regscale_models.Component.get_module_string()
-                if component or self.is_component
-                else regscale_models.SecurityPlan.get_module_string()
-            ),
+            parentModule=self.parent_module,
             assetType=asset.asset_type,
             dateLastUpdated=asset.date_last_updated or get_current_datetime(),
             status=asset.status,
@@ -1324,9 +1320,7 @@ class ScannerIntegration(ABC):
 
         :rtype: None
         """
-        regscale_models.Asset.get_all_by_parent(
-            parent_id=self.plan_id, parent_module=regscale_models.SecurityPlan.get_module_string()
-        )
+        regscale_models.Asset.get_all_by_parent(parent_id=self.plan_id, parent_module=self.parent_module)
 
     def _create_process_function(self, loading_assets: TaskID) -> Callable[[IntegrationAsset], bool]:
         """
@@ -1600,11 +1594,7 @@ class ScannerIntegration(ABC):
 
         # Update all fields
         issue.parentId = self.plan_id
-        issue.parentModule = (
-            regscale_models.Component.get_module_string()
-            if self.is_component
-            else regscale_models.SecurityPlan.get_module_string()
-        )
+        issue.parentModule = self.parent_module
         issue.vulnerabilityId = finding.vulnerability_id
         issue.title = issue_title
         issue.dateCreated = finding.date_created
@@ -2159,7 +2149,7 @@ class ScannerIntegration(ABC):
                 # Get all existing POAM IDs and find the maximum
                 issues: List[regscale_models.Issue] = regscale_models.Issue.get_all_by_parent(
                     parent_id=self.plan_id,
-                    parent_module=regscale_models.SecurityPlan.get_module_string(),
+                    parent_module=self.parent_module,
                 )
                 self._max_poam_id = max(
                     (
@@ -2184,11 +2174,7 @@ class ScannerIntegration(ABC):
         """
         scan_history = regscale_models.ScanHistory(
             parentId=self.plan_id,
-            parentModule=(
-                regscale_models.Component.get_module_string()
-                if self.is_component
-                else regscale_models.SecurityPlan.get_module_string()
-            ),
+            parentModule=self.parent_module,
             scanningTool=self.title,
             scanDate=self.scan_date if self.scan_date else get_current_datetime(),
             createdById=self.assessor_id,
@@ -2309,11 +2295,7 @@ class ScannerIntegration(ABC):
             description=finding.description,
             dateLastUpdated=finding.date_last_updated,
             parentId=self.plan_id,
-            parentModule=(
-                regscale_models.Component.get_module_string()
-                if self.is_component
-                else regscale_models.SecurityPlan.get_module_string()
-            ),
+            parentModule=self.parent_module,
             dns=asset.fqdn or "unknown",
             status=regscale_models.VulnerabilityStatus.Open,
             ipAddress=finding.ip_address or asset.ipAddress or "",
@@ -2424,7 +2406,7 @@ class ScannerIntegration(ABC):
 
         # Get all vulnerabilities for this security plan
         all_vulnerabilities: list[regscale_models.Vulnerability] = regscale_models.Vulnerability.get_all_by_parent(
-            parent_id=self.plan_id, parent_module=regscale_models.SecurityPlan.get_module_string()
+            parent_id=self.plan_id, parent_module=self.parent_module
         )
 
         # Pre-filter vulnerabilities that are not in current set

regscale/models/app_models/import_validater.py

@@ -133,9 +133,13 @@ class ImportValidater:
         :param Union[list, pd.Index] headers: List of headers from the file
         """
         import re
+        from pandas import Index
 
         from regscale.models import Mapping
 
+        if isinstance(headers, Index):
+            headers = [str(header) for header in headers]  # Convert pd.Index to list of strings
+
         if not self.ignore_unnamed and any(re.search(r"unnamed", header, re.IGNORECASE) for header in headers):  # type: ignore
             raise ValidationException(
                 f"Unable to parse headers from the file. Please ensure the headers are named in {self.file_path}"
@@ -227,7 +231,7 @@ class ImportValidater:
             elif self.worksheet_name:
                 df = pandas.read_excel(file_path, sheet_name=self.worksheet_name)
             elif self.skip_rows:
-                df = pandas.read_excel(file_path, skiprows=self.skip_rows)
+                df = pandas.read_excel(file_path, skiprows=self.skip_rows - 1)
             else:
                 df = pandas.read_excel(file_path)
         except Exception as e:

regscale/models/app_models/mapping.py

@@ -121,8 +121,10 @@ class Mapping(BaseModel):
         mapping = values.data.get("mapping")
         if mapping is not None and expected_field_names is not None:
             if missing_fields := [field for field in expected_field_names if field not in mapping]:
+                # Get file_path_for_prompt from values instead of cls
+                file_path = values.data.get("file_path_for_prompt")
                 for field in missing_fields:
-                    cls._prompt_for_field(field, mapping, cls.file_path_for_prompt)
+                    cls._prompt_for_field(field, mapping, file_path)
         return expected_field_names
 
     @field_validator("expected_field_names")

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,144 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.07.20",
-    "dateReleased": "2025-07-20T19:06:00.8332Z",
-    "count": 1382,
+    "catalogVersion": "2025.07.28",
+    "dateReleased": "2025-07-28T14:00:14.6746Z",
+    "count": 1391,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2023-2533",
+            "vendorProject": "PaperCut",
+            "product": "NG\/MF",
+            "vulnerabilityName": "PaperCut NG\/MF Cross-Site Request Forgery (CSRF) Vulnerability",
+            "dateAdded": "2025-07-28",
+            "shortDescription": "PaperCut NG\/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. ",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.papercut.com\/kb\/Main\/SecurityBulletinJune2023 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-2533",
+            "cwes": [
+                "CWE-352"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20337",
+            "vendorProject": "Cisco",
+            "product": "Identity Services Engine",
+            "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
+            "dateAdded": "2025-07-28",
+            "shortDescription": "Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20337",
+            "cwes": [
+                "CWE-74"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20281",
+            "vendorProject": "Cisco",
+            "product": "Identity Services Engine",
+            "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
+            "dateAdded": "2025-07-28",
+            "shortDescription": "Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20281",
+            "cwes": [
+                "CWE-74"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-2775",
+            "vendorProject": "SysAid",
+            "product": "SysAid On-Prem",
+            "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.sysaid.com\/docs\/24-40-60 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2775",
+            "cwes": [
+                "CWE-611"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-2776",
+            "vendorProject": "SysAid",
+            "product": "SysAid On-Prem",
+            "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.sysaid.com\/docs\/24-40-60 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2776",
+            "cwes": [
+                "CWE-611"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6558",
+            "vendorProject": "Google",
+            "product": "Chromium",
+            "vulnerabilityName": "Google Chromium ANGLE and GPU Improper Input Validation Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/07\/stable-channel-update-for-desktop_15.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6558",
+            "cwes": [
+                "CWE-20"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54309",
+            "vendorProject": "CrushFTP",
+            "product": "CrushFTP",
+            "vulnerabilityName": " CrushFTP Unprotected Alternate Channel Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=CompromiseJuly2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54309 ",
+            "cwes": [
+                "CWE-420"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-49704",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Code Injection Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.",
+            "requiredAction": "CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49704",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-49706",
+            "vendorProject": "Microsoft",
+            "product": "SharePoint",
+            "vulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability",
+            "dateAdded": "2025-07-22",
+            "shortDescription": "Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.",
+            "requiredAction": "CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49706",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
         {
             "cveID": "CVE-2025-53770",
             "vendorProject": "Microsoft",
@@ -14,7 +149,7 @@
             "requiredAction": "CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.  ",
             "dueDate": "2025-07-21",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770",
             "cwes": [
                 "CWE-502"
             ]