{"vulnerability": "cve-2023-4037", "sightings": [{"uuid": "108d4be3-9d03-4420-a5f3-d4b2e6666236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40378", "type": "seen", "source": "https://t.me/cibsecurity/72291", "content": "\u203c CVE-2023-40378 \u203c\n\nIBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-15T07:30:28.000000Z"}, {"uuid": "ce673562-dbb6-452f-a09c-7fe5ac98d62d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40375", "type": "seen", "source": "https://t.me/cibsecurity/71221", "content": "\u203c CVE-2023-40375 \u203c\n\nIntegrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T22:36:58.000000Z"}, {"uuid": "b3ebddf2-2a15-4d52-a380-bddb03557258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40372", "type": "seen", "source": "https://t.me/cibsecurity/72401", "content": "\u203c CVE-2023-40372 \u203c\n\nIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T07:32:39.000000Z"}, {"uuid": "94cb27e6-091c-40c8-9e4e-0c2c70035285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40377", "type": "seen", "source": "https://t.me/cibsecurity/72301", "content": "\u203c CVE-2023-40377 \u203c\n\nBackup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-16T07:44:26.000000Z"}, {"uuid": "e931ed3a-a2d8-48db-9689-5a298145246d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40376", "type": "seen", "source": "https://t.me/cibsecurity/71593", "content": "\u203c CVE-2023-40376 \u203c\n\nIBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T18:12:28.000000Z"}, {"uuid": "ad850524-d271-4612-9730-846627f45823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4037", "type": "seen", "source": "https://t.me/cibsecurity/71573", "content": "\u203c CVE-2023-4037 \u203c\n\nBlind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T16:12:04.000000Z"}, {"uuid": "e5df5496-df07-49b2-9dfe-bfc9e2f465db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40374", "type": "seen", "source": "https://t.me/cibsecurity/72381", "content": "\u203c CVE-2023-40374 \u203c\n\nIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T02:32:16.000000Z"}, {"uuid": "303ee690-763e-4790-b31e-87b829c551c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40370", "type": "seen", "source": "https://t.me/cibsecurity/69041", "content": "\u203c CVE-2023-40370 \u203c\n\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T02:11:59.000000Z"}]}