{"vulnerability": "cve-2023-3801", "sightings": [{"uuid": "8579c690-4f69-49a4-b994-126890090cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38012", "type": "seen", "source": "https://t.me/cvedetector/16397", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-38012 - IBM Cloud Pak System Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-38012 \nPublished : Jan. 25, 2025, 2:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T17:10:18.000000Z"}, {"uuid": "571108fd-ed02-4638-adee-4699a6d31d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38019", "type": "seen", "source": "https://t.me/ctinow/192573", "content": "https://ift.tt/4Ca6DVR\nCVE-2023-38019 | IBM SOAR QRadar Plugin App up to 5.0.3 URL path traversal (XFDB-260575)", "creation_timestamp": "2024-02-24T13:11:35.000000Z"}, {"uuid": "41228e91-d262-4ce3-83f2-80fc5d9b000e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38012", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113889329982951130", "content": "", "creation_timestamp": "2025-01-25T13:54:23.323528Z"}, {"uuid": "1134b606-1eda-4a9a-b86d-fe68a8bb05a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38013", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113889352324303929", "content": "", "creation_timestamp": "2025-01-25T14:00:04.071239Z"}, {"uuid": "9d0c7797-e433-4035-9eba-b11472fccf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38012", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lglk746x4p25", "content": "", "creation_timestamp": "2025-01-25T18:30:43.792999Z"}, {"uuid": "8c6b5712-af4c-4437-b39c-455108c9e272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38013", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-m2fr-34qc-xrjj\n\ud83d\udd25 CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\ud83d\udd39 Description: IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.\n\ud83d\udccf Published: 2025-01-25T15:30:31Z\n\ud83d\udccf Modified: 2025-01-25T15:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-38013\n2. https://www.ibm.com/support/pages/node/7159533", "creation_timestamp": "2025-01-25T17:06:14.000000Z"}, {"uuid": "ddb8ad8b-19d4-4236-8477-e06ae2d951ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3100", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-j7vf-q996-69xm\n\ud83d\udd25 CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n\ud83d\udd39 Description: IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.\n\ud83d\udccf Published: 2025-01-25T15:30:31Z\n\ud83d\udccf Modified: 2025-01-25T15:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-38012\n2. https://www.ibm.com/support/pages/node/7148474", "creation_timestamp": "2025-01-25T17:06:15.000000Z"}, {"uuid": "2625928c-86a6-41a0-99d9-8c6fa8455abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3078", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38012\n\ud83d\udd39 Description: IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.\n\ud83d\udccf Published: 2025-01-25T13:49:36.358Z\n\ud83d\udccf Modified: 2025-01-25T13:52:16.547Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7148474", "creation_timestamp": "2025-01-25T14:05:15.000000Z"}, {"uuid": "fc896916-f19f-4651-ad48-9d765aaebf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38013", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38013\n\ud83d\udd39 Description: IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.\n\ud83d\udccf Published: 2025-01-25T13:55:05.494Z\n\ud83d\udccf Modified: 2025-01-25T13:55:05.494Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7159533", "creation_timestamp": "2025-01-25T14:05:14.000000Z"}, {"uuid": "3fc83906-bc48-4441-b767-88c8c3160697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38013", "type": "seen", "source": "https://t.me/cvedetector/16398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-38013 - IBM Cloud Pak System Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2023-38013 \nPublished : Jan. 25, 2025, 2:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T17:10:19.000000Z"}, {"uuid": "5864b1ce-567d-4da6-ae9d-7f6ccf5d9ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38019", "type": "seen", "source": "https://t.me/ctinow/177919", "content": "https://ift.tt/6Zcai1M\nCVE-2023-38019", "creation_timestamp": "2024-02-02T05:21:33.000000Z"}, {"uuid": "35c4d371-8dfb-405b-96ca-aad996a43174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3801", "type": "seen", "source": "https://t.me/cibsecurity/67077", "content": "\u203c CVE-2023-3801 \u203c\n\nA vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:26.000000Z"}]}