{"vulnerability": "cve-2024-4507", "sightings": [{"uuid": "b2e0e4b8-693a-4fe5-9eb1-17f17f47d3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45077", "type": "seen", "source": "https://t.me/cvedetector/16302", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45077 - IBM Maximo Asset Management Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45077 \nPublished : Jan. 24, 2025, 4:15 p.m. | 22\u00a0minutes ago \nDescription : IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T17:45:20.000000Z"}, {"uuid": "c346e6d0-bbf4-4b69-8618-0e6e7096ad57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45077", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45077\n\ud83d\udd39 Description: IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.\n\ud83d\udccf Published: 2025-01-24T15:38:03.611Z\n\ud83d\udccf Modified: 2025-01-24T15:38:03.611Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7174819", "creation_timestamp": "2025-01-24T16:04:51.000000Z"}, {"uuid": "01114c37-5eb5-42c6-9deb-7dceef3fa124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45072", "type": "seen", "source": "https://t.me/cvedetector/8104", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45072 - IBM WebSphere Application Server XXE Injection\", \n  \"Content\": \"CVE ID : CVE-2024-45072 \nPublished : Oct. 16, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T19:44:19.000000Z"}, {"uuid": "37a3c78f-e91f-4a45-9a27-74225910b977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45071", "type": "seen", "source": "https://t.me/cvedetector/8103", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45071 - IBM WebSphere Application Server Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45071 \nPublished : Oct. 16, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T19:44:16.000000Z"}, {"uuid": "4386b4bf-7b70-4df7-957b-7e7faa5efaae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45074", "type": "seen", "source": "https://t.me/cvedetector/4806", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45074 - IBM webMethods Integration Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45074 \nPublished : Sept. 4, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T19:25:24.000000Z"}, {"uuid": "2fa8a046-010d-4b9e-a68f-520b7359fe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45075", "type": "seen", "source": "https://t.me/cvedetector/4805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45075 - IBM webMethods Integration Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45075 \nPublished : Sept. 4, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T19:25:20.000000Z"}, {"uuid": "36f37f4f-b5ac-40d9-b1ba-29ca347fd28a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45076", "type": "seen", "source": "https://t.me/cvedetector/4803", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45076 - IBM webMethods Integration Remote Command Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45076 \nPublished : Sept. 4, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T19:25:18.000000Z"}, {"uuid": "7c45edaa-5093-4278-b14b-02f59186415d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45070", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf57hjhm272f", "content": "", "creation_timestamp": "2025-01-07T08:16:01.447091Z"}, {"uuid": "38594116-87be-427f-aeb0-a04ac8970f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45070", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf57hjhm272f", "content": "", "creation_timestamp": "2025-01-07T08:16:01.466440Z"}, {"uuid": "abec4f1b-ed97-4bd4-906a-86b0917a9add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45070", "type": "seen", "source": "https://t.me/cvedetector/14498", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45070 - OpenHarmony Heap Buffer Out-of-Bounds Read Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-45070 \nPublished : Jan. 7, 2025, 8:15 a.m. | 20\u00a0minutes ago \nDescription : in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T09:41:19.000000Z"}, {"uuid": "78992ae6-66a1-4732-835d-9975ca58ab16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45073", "type": "seen", "source": "https://t.me/cvedetector/6691", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45073 - IBM WebSphere Application Server Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45073 \nPublished : Sept. 30, 2024, 10:15 p.m. | 45\u00a0minutes ago \nDescription : IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T01:01:40.000000Z"}, {"uuid": "99aa2aa1-f642-49ff-8cf6-857b203bd947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45076", "type": "seen", "source": "https://t.me/HackerArsenal/263", "content": "\u203c\ufe0f CVE-2024-45076 \u203c\ufe0f\n\nIBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"National Vulnerability Database\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity_CVEs", "creation_timestamp": "2024-09-04T18:33:36.000000Z"}, {"uuid": "bdbccb87-3ed4-4c60-8329-6075cf7f79cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45070", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45070\n\ud83d\udd39 Description: in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.\n\ud83d\udccf Published: 2025-01-07T07:56:57.140Z\n\ud83d\udccf Modified: 2025-01-07T07:56:57.140Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-01.md", "creation_timestamp": "2025-01-07T08:39:31.000000Z"}, {"uuid": "c4a7a2ce-2a61-4bf7-b5fd-169adcec1553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45076", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/12501", "content": "\u200aCVE-2024-45076 (CVSS 9.9): Critical Flaw in IBM webMethods Integration Demand Immediate Action\n\nhttps://securityonline.info/cve-2024-45076-cvss-9-9-critical-flaw-in-ibm-webmethods-integration-demand-immediate-action/", "creation_timestamp": "2024-09-08T17:48:04.000000Z"}, {"uuid": "9c2f7ea3-e6dd-46e0-8a01-9610b2d502d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45070", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113786024562592647", "content": "", "creation_timestamp": "2025-01-07T08:02:27.645361Z"}]}