{"vulnerability": "CVE-2023-2141", "sightings": [{"uuid": "dd72de4e-e715-428d-9ff0-ec8609075869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2141", "type": "seen", "source": "https://t.me/true_secator/4473", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Synacktiv \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 Delmia Apriso, \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 \u043e\u0442 \u0444\u0440\u0430\u043d\u0446\u0443\u0437\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Dassault.\n\n\u0412\u0441\u0435 \u0442\u0440\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 DELMIA Apriso \u0441 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u0441 2017 \u043f\u043e 2022.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c CVE-2023-2139 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 CVE-2023-2140, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430  \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0445\u043e\u0441\u0442\u044b \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 DELMIA Apriso.\n\nCVE-2023-2141 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043e\u0431\u044a\u0435\u043a\u0442\u0430 .NET \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0441\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b. \u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u043d\u0435 \u043c\u0430\u043b\u043e \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u0430\u043d\u043a\u0446\u0438\u0438, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0441\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2023-06-07T14:02:04.000000Z"}, {"uuid": "cbceb73d-2cdc-4db9-89be-c88fe0efce6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21413", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18490", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-21413\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\ud83d\udccf Published: 2023-10-16T06:08:33.349Z\n\ud83d\udccf Modified: 2025-06-16T16:51:55.426Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf", "creation_timestamp": "2025-06-16T17:38:08.000000Z"}, {"uuid": "5a53b152-04d5-46f2-b845-f17b6b41fcae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21411", "type": "seen", "source": "https://t.me/cibsecurity/67647", "content": "\u203c CVE-2023-21411 \u203c\n\nUser provided input is not sanitized in the \u00e2\u20ac\u0153Settings &gt; Access Control\u00e2\u20ac\ufffd configuration interface allowing forarbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T12:40:16.000000Z"}, {"uuid": "c4943f0b-6dd8-4789-89c3-dd75f4aeb321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2141", "type": "seen", "source": "https://t.me/cibsecurity/62625", "content": "\u203c CVE-2023-2141 \u203c\n\nAn unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T20:31:46.000000Z"}, {"uuid": "7fe4d20d-ab43-47da-acf4-2ed8368abfa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21413", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9989", "content": "#Threat_Research\nThe Risks Of the \"MonikerLink\" Bug in Microsoft Outlook and the Big Picture (CVE-2023-21413)\nhttps://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture\n]-&gt; PoC: https://github.com/duy-31/CVE-2024-21413", "creation_timestamp": "2024-02-20T08:44:42.000000Z"}]}