{"vulnerability": "cve-2023-2152", "sightings": [{"uuid": "21d68767-49fe-4ab5-992a-c246d17691d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://www.thezdi.com/blog/2024/9/11/exploiting-exchange-powershell-after-proxynotshell-part-2-approvedapplicationcollection", "content": "", "creation_timestamp": "2024-09-12T15:00:00.000000Z"}, {"uuid": "b2acdfd5-31a2-401e-8dd8-6a6de7def5b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty", "content": "", "creation_timestamp": "2024-09-05T15:39:37.000000Z"}, {"uuid": "09bfa227-ae30-4969-babc-640c3041cea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-21526", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1062", "content": "", "creation_timestamp": "2023-07-12T04:00:00.000000Z"}, {"uuid": "bfaf4edb-3b53-4981-83fd-e52763d113ff", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba529bfb-ebc6-44c5-b1d5-f100a54f716e", "content": "", "creation_timestamp": "2026-04-13T18:00:03.003950Z"}, {"uuid": "460a2547-15d6-4813-a446-326d096da121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3miwohygpw52y", "content": "", "creation_timestamp": "2026-04-07T21:03:05.404427Z"}, {"uuid": "17cd733d-5f59-4bb9-9a5c-bbecbf11030b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-08T07:25:53.000000Z"}, {"uuid": "17b9846a-53c5-4cb9-95d2-2df11b85c4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/", "content": "", "creation_timestamp": "2026-04-06T04:00:00.000000Z"}, {"uuid": "6e2df7b4-c493-4f47-8b4c-ea0be78a9db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6244767", "content": "", "creation_timestamp": "2026-04-13T18:07:29.137156Z"}, {"uuid": "250731e9-fd36-44e0-af17-89e8e1dda6d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://gist.github.com/stone776/3d08ecfe13c93ecafaa4d45bb1ff7634", "content": "", "creation_timestamp": "2026-04-14T14:13:46.000000Z"}, {"uuid": "4ab933a2-d7b3-4a8c-a620-8358a662ffa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116399043810586963", "content": "", "creation_timestamp": "2026-04-13T19:27:37.468249Z"}, {"uuid": "80a3c934-6d89-448c-9c10-dc9dba3eced2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mjibqckjjn26", "content": "", "creation_timestamp": "2026-04-14T21:03:03.205357Z"}, {"uuid": "a39265fe-1b45-4191-a923-d6c6fc3e0175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mjgngqylg22i", "content": "", "creation_timestamp": "2026-04-14T05:27:05.679328Z"}, {"uuid": "455404d5-6362-4e19-85d7-9d209591464a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/malwhere.bsky.social/post/3mjh2cc5xwk2s", "content": "", "creation_timestamp": "2026-04-14T09:17:28.126707Z"}, {"uuid": "46adaa51-f195-4bca-ae55-a5490ca883c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/malwhere.bsky.social/post/3mjh2cor2ek2s", "content": "", "creation_timestamp": "2026-04-14T09:17:28.654840Z"}, {"uuid": "b2b2ab3d-03b1-4afc-aee4-c614475439c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21524", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-21524\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability\n\ud83d\udccf Published: 2023-01-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-12T03:55:14.464Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21524", "creation_timestamp": "2025-04-12T04:51:20.000000Z"}, {"uuid": "e3607c23-ee93-4b33-9a46-f0a72ded5a64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-18T13:07:25.000000Z"}, {"uuid": "0b5fb391-9cdc-4412-b1cd-02edd3597c81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21522", "type": "seen", "source": "https://t.me/cibsecurity/70337", "content": "\u203c CVE-2023-21522 \u203c\n\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of Blackberry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-12T22:23:04.000000Z"}, {"uuid": "9cdfaf74-30e5-462c-9f22-1a3da70d5340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://t.me/realvulnerabilities/6", "content": "February Microsoft Patch. I decided to change the format a bit. I will share the general impression right away, but the full blog post/video will be released with a delay.\n\n1. RCE - Windows Graphics Component (CVE-2023-21823) seems the most critical. Interestingly, ZDI marked this vulnerability as EoP and did not add it to their review. Apparently MS changed the type of vulnerability before the release. Let's hope that the EDRs will promptly start blocking the exploitation.\n2. EoP - Windows Common Log File System Driver (CVE-2023-23376) with a sign of active exploitation.\n3. Multiple RCEs for Exchange (CVE-2023-21529, CVE-2023-21706, CVE-2023-21707, CVE-2023-21710). But so far no signs of exploitation.\n4. A funny Inf. Disclosure in augmented reality devices HoloLens 1 (CVE-2019-15126), it's an old Broadcom vulnerability with a bunch of exploits. \n\nRaw Vulristics report. There are problems with software detections, I will fix them later.", "creation_timestamp": "2023-02-22T03:33:02.000000Z"}, {"uuid": "984d7652-6924-445b-bcc9-f21ecdbb9187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21521", "type": "seen", "source": "https://t.me/cibsecurity/70338", "content": "\u203c CVE-2023-21521 \u203c\n\nAn SQL Injection vulnerability in the Management Console?\u00c2\u00a0(Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-12T22:23:05.000000Z"}, {"uuid": "d796a021-a701-46b6-ac57-02766fdbe11a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6762", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1a A Remote Code Execution (RCE) vulnerability impacting Microsoft Exchange Server CVE-2023-21529 POC\nURL\uff1ahttps://github.com/tr1pl3ight/CVE-2023-21529-POC\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-03-08T16:03:05.000000Z"}, {"uuid": "bea42869-dc01-4055-9e77-75058bfa6deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://t.me/ctinow/203557", "content": "https://ift.tt/nEX6LNq\nCVE-2023-21529 Exploit", "creation_timestamp": "2024-03-08T20:16:21.000000Z"}, {"uuid": "210447c5-ff21-4b95-b356-e520a9d989f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21528", "type": "seen", "source": "https://t.me/cibsecurity/58153", "content": "\u203c CVE-2023-21528 \u203c\n\nMicrosoft SQL Server Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T22:36:02.000000Z"}, {"uuid": "2e1b8344-c944-411b-b249-2d63aaebdaa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21523", "type": "seen", "source": "https://t.me/cibsecurity/70342", "content": "\u203c CVE-2023-21523 \u203c\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T00:23:08.000000Z"}, {"uuid": "07d51e69-fdfe-4a96-b01a-8602642f31fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2152", "type": "seen", "source": "https://t.me/cibsecurity/62354", "content": "\u203c CVE-2023-2152 \u203c\n\nA vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-18T18:29:11.000000Z"}, {"uuid": "65bc30e8-1b4b-4991-b45d-72da60b44d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21527", "type": "seen", "source": "https://t.me/cibsecurity/56263", "content": "\u203c CVE-2023-21527 \u203c\n\nWindows iSCSI Service Denial of Service Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-11T00:28:57.000000Z"}]}