{"vulnerability": "cve-2020-1065", "sightings": [{"uuid": "c2981f44-7fc3-4f5b-93e7-f93a6b488ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10650", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsjzkcwsb62k", "content": "", "creation_timestamp": "2025-06-26T21:02:24.714914Z"}, {"uuid": "53d76964-ebb5-4204-b620-8675187ba20c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10650", "type": "seen", "source": "https://t.me/arpsyndicate/1580", "content": "#ExploitObserverAlert\n\nCVE-2020-10650\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2020-10650. A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.\n\nFIRST-EPSS: 0.001080000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-12-09T23:54:59.000000Z"}, {"uuid": "94508d6c-c24b-4ae9-b589-9145e9393957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10650", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11647", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-10650\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T16:22:00.404Z\n\ud83d\udd17 References:\n1. https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\n2. https://www.oracle.com/security-alerts/cpujan2021.html\n3. https://github.com/advisories/GHSA-rpr3-cw39-3pxh\n4. https://www.oracle.com/security-alerts/cpuoct2022.html\n5. https://github.com/FasterXML/jackson-databind/issues/2658\n6. https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef\n7. https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html\n8. https://security.netapp.com/advisory/ntap-20230818-0007/", "creation_timestamp": "2025-04-14T16:53:43.000000Z"}, {"uuid": "1a28d188-ac99-4506-86df-15128be80146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10650", "type": "seen", "source": "https://t.me/cibsecurity/55368", "content": "\u203c CVE-2020-10650 \u203c\n\nA deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T22:40:58.000000Z"}, {"uuid": "ae403045-bece-43d8-ae9f-90d0a9040ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10656", "type": "seen", "source": "https://t.me/cibsecurity/21659", "content": "\u203c CVE-2020-10656 \u203c\n\nThe Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T16:39:17.000000Z"}, {"uuid": "fbbbe2ab-58b5-4faa-9fb9-0a1c6e2c5410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10655", "type": "seen", "source": "https://t.me/cibsecurity/21658", "content": "\u203c CVE-2020-10655 \u203c\n\nThe Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T16:39:16.000000Z"}, {"uuid": "a7dba18c-b1b8-45f3-86e1-271c46984753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10658", "type": "seen", "source": "https://t.me/cibsecurity/21657", "content": "\u203c CVE-2020-10658 \u203c\n\nThe Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T16:39:15.000000Z"}, {"uuid": "982a4c27-69f1-49cb-8b33-1130a134e0d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10657", "type": "seen", "source": "https://t.me/cibsecurity/21656", "content": "\u203c CVE-2020-10657 \u203c\n\nThe Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T16:39:14.000000Z"}]}