{"vulnerability": "CVE-2023-2645", "sightings": [{"uuid": "d8931413-f906-4185-8213-a2957fd4a0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26455", "type": "seen", "source": "https://t.me/cibsecurity/73447", "content": "\u203c CVE-2023-26455 \u203c\n\nRMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:52.000000Z"}, {"uuid": "4a7ebb1f-c867-4aee-af02-2ac1790f98da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26451", "type": "seen", "source": "https://t.me/cibsecurity/67588", "content": "\u203c CVE-2023-26451 \u203c\n\nFunctions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T16:39:32.000000Z"}, {"uuid": "6dd9a352-2016-47b5-95ad-c972f37a9fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26450", "type": "seen", "source": "https://t.me/cibsecurity/67577", "content": "\u203c CVE-2023-26450 \u203c\n\nThe \"OX Count\" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T16:39:15.000000Z"}, {"uuid": "074eee0e-c9d3-44e7-80d2-1367f3ff78a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26457", "type": "seen", "source": "https://t.me/cibsecurity/59950", "content": "\u203c CVE-2023-26457 \u203c\n\nSAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T12:54:09.000000Z"}, {"uuid": "3a21348a-52fc-41e6-a5b6-3d375cb56284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26452", "type": "seen", "source": "https://t.me/cibsecurity/73440", "content": "\u203c CVE-2023-26452 \u203c\n\nRequests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:42.000000Z"}, {"uuid": "bbdb1cc7-a393-430d-9cd1-92a59e8f5154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26459", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5739", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26459\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.\n\n\n\ud83d\udccf Published: 2023-03-14T04:45:51.958Z\n\ud83d\udccf Modified: 2025-02-27T18:05:47.515Z\n\ud83d\udd17 References:\n1. https://launchpad.support.sap.com/#/notes/3296346\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T18:26:57.000000Z"}, {"uuid": "4b72712f-8d26-43bb-a005-3937dce17ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26457", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5688", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26457\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.\n\n\n\ud83d\udccf Published: 2023-03-14T04:53:30.369Z\n\ud83d\udccf Modified: 2025-02-27T15:10:48.616Z\n\ud83d\udd17 References:\n1. https://launchpad.support.sap.com/#/notes/3281484\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T15:29:32.000000Z"}, {"uuid": "2c958400-a28b-4651-99de-e32571cd3797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2645", "type": "seen", "source": "https://t.me/cibsecurity/63867", "content": "\u203c CVE-2023-2645 \u203c\n\nA vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T12:15:17.000000Z"}, {"uuid": "ed43d0e2-3398-4de6-9ee8-83c11ea94c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2645", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg4pubboct2z", "content": "", "creation_timestamp": "2025-01-19T21:02:02.790106Z"}]}