{"vulnerability": "cve-2023-2496", "sightings": [{"uuid": "124455bb-feb4-487a-aaff-537bac32b3bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24965", "type": "seen", "source": "https://t.me/cibsecurity/70166", "content": "\u203c CVE-2023-24965 \u203c\n\nIBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-09T00:20:39.000000Z"}, {"uuid": "cf288d63-494f-45ef-a424-dd97e95c307d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2496", "type": "seen", "source": "https://t.me/cibsecurity/64665", "content": "\u203c CVE-2023-2496 \u203c\n\nThe Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T07:26:46.000000Z"}, {"uuid": "c2a05c3d-3bad-40ba-bdab-cee7cf0aca4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24964", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24964\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files.  IBM X-Force ID:  246463.\n\ud83d\udccf Published: 2023-02-17T16:35:13.206Z\n\ud83d\udccf Modified: 2025-03-12T20:07:24.386Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6953519\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/246463", "creation_timestamp": "2025-03-12T20:42:52.000000Z"}, {"uuid": "00262602-1a33-43be-999c-c3327464fe4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-24966", "type": "seen", "source": "https://t.me/cibsecurity/62979", "content": "\u203c CVE-2023-24966 \u203c\n\nIBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T18:37:06.000000Z"}]}