{"vulnerability": "cve-2023-2286", "sightings": [{"uuid": "b1f9d60b-7f68-427e-9e22-52030cb26104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/817", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22862\n\ud83d\udd39 Description: IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.\n\ud83d\udccf Published: 2023-06-04T23:42:57.221Z\n\ud83d\udccf Modified: 2025-01-08T19:50:48.115Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7001053", "creation_timestamp": "2025-01-08T20:14:16.000000Z"}, {"uuid": "406215ca-53e3-4a21-9bbb-2db5c80a861e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22868", "type": "seen", "source": "https://t.me/cibsecurity/58458", "content": "\u203c CVE-2023-22868 \u203c\n\nIBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T20:13:30.000000Z"}, {"uuid": "2426d673-8cc4-4a85-a948-62b01f20910c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22860", "type": "seen", "source": "https://t.me/cibsecurity/58950", "content": "\u203c CVE-2023-22860 \u203c\n\nIBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-27T18:27:52.000000Z"}, {"uuid": "a17c9f34-7d7a-42ae-b09a-f0c71bad70d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22860", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7008", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22860\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  244100.\n\ud83d\udccf Published: 2023-02-27T14:23:44.782Z\n\ud83d\udccf Modified: 2025-03-10T13:48:36.149Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6958062\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/244100", "creation_timestamp": "2025-03-10T14:38:53.000000Z"}, {"uuid": "109198a0-3132-47c9-9e11-c3ecf027519f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22868", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7384", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22868\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  244117.\n\ud83d\udccf Published: 2023-02-17T16:01:36.702Z\n\ud83d\udccf Modified: 2025-03-12T20:08:02.937Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6952319\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/244117", "creation_timestamp": "2025-03-12T20:42:50.000000Z"}, {"uuid": "1da58251-ec7d-4ed6-808c-8d08adaff7aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22863", "type": "seen", "source": "https://t.me/cibsecurity/56705", "content": "\u203c CVE-2023-22863 \u203c\n\nIBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T22:21:40.000000Z"}]}