{"vulnerability": "CVE-2023-3589", "sightings": [{"uuid": "51054564-5bc2-4890-9bbd-9071cb87138c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35895", "type": "seen", "source": "https://t.me/ctinow/157120", "content": "https://ift.tt/aBvGzFu\nCVE-2023-35895", "creation_timestamp": "2023-12-20T16:23:56.000000Z"}, {"uuid": "eff60673-f8b9-4311-bce9-df2a736a353b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35890", "type": "seen", "source": "https://t.me/cibsecurity/66178", "content": "\u203c CVE-2023-35890 \u203c\n\nIBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T07:26:01.000000Z"}, {"uuid": "6c7bb095-e9cb-41b5-bf3a-efa0860babe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35894", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6874", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-35894\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\n\ud83d\udccf Published: 2025-03-07T16:47:52.841Z\n\ud83d\udccf Modified: 2025-03-07T17:04:59.454Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7185101", "creation_timestamp": "2025-03-07T17:35:29.000000Z"}, {"uuid": "99dec96f-9e12-4486-b268-945603bca61f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35897", "type": "seen", "source": "https://t.me/cibsecurity/71734", "content": "\u203c CVE-2023-35897 \u203c\n\nIBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T18:13:48.000000Z"}, {"uuid": "e9fee7af-c90d-4d1e-9f98-d0db01b2a8c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35892", "type": "seen", "source": "https://t.me/cibsecurity/69810", "content": "\u203c CVE-2023-35892 \u203c\n\nIBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T07:16:40.000000Z"}, {"uuid": "e361ba7c-8121-42a3-8532-99d2f96cda07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35893", "type": "seen", "source": "https://t.me/cibsecurity/68710", "content": "\u203c CVE-2023-35893 \u203c\n\nIBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T02:36:59.000000Z"}, {"uuid": "a952c644-5698-4f33-820c-1842c59d5476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35896", "type": "seen", "source": "https://t.me/cibsecurity/73498", "content": "\u203c CVE-2023-35896 \u203c\n\nIBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T06:23:11.000000Z"}, {"uuid": "81dcd286-1a84-4a11-80e3-365f2a667cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3589", "type": "seen", "source": "https://t.me/cibsecurity/71810", "content": "\u203c CVE-2023-3589 \u203c\n\nA Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T12:15:55.000000Z"}, {"uuid": "b55d7cba-84c4-4f1e-8395-6e422d257382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35895", "type": "seen", "source": "https://t.me/ctinow/167838", "content": "https://ift.tt/7ZyewhR\nCVE-2023-35895 | IBM Informix JDBC 4.10/4.50 JNDI os command injection (XFDB-259116)", "creation_timestamp": "2024-01-13T14:51:35.000000Z"}, {"uuid": "a769ba71-691a-4186-b7ad-fb26cc309221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35898", "type": "seen", "source": "https://t.me/cibsecurity/66986", "content": "\u203c CVE-2023-35898 \u203c\n\nIBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T07:24:58.000000Z"}]}