{"vulnerability": "cve-2023-2628", "sightings": [{"uuid": "28c7d618-63ee-4b84-b413-316c38bba1b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26280", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113544420719052499", "content": "", "creation_timestamp": "2024-11-25T15:59:25.602892Z"}, {"uuid": "358346e3-ae5a-4de9-a0be-16c1e66c19be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26284", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5609", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26284\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls.  IBM X-Force ID:  248417.\n\ud83d\udccf Published: 2023-03-15T17:26:21.136Z\n\ud83d\udccf Modified: 2025-02-26T21:16:33.240Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6960201\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/248417", "creation_timestamp": "2025-02-26T21:25:22.000000Z"}, {"uuid": "1ac9af35-c86b-4df8-bc9f-ae1af560b219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26282", "type": "seen", "source": "https://t.me/ctinow/200703", "content": "https://ift.tt/lDuHkTO\nCVE-2023-26282", "creation_timestamp": "2024-03-05T21:26:32.000000Z"}, {"uuid": "21d4950d-1908-4339-87ee-f65ce09e1a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26285", "type": "seen", "source": "https://t.me/cibsecurity/63385", "content": "\u203c CVE-2023-26285 \u203c\n\nIBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T20:24:35.000000Z"}, {"uuid": "771c6e12-160f-427d-be03-d05eee4ba5cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26284", "type": "seen", "source": "https://t.me/cibsecurity/60079", "content": "\u203c CVE-2023-26284 \u203c\n\nIBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T21:30:04.000000Z"}, {"uuid": "3b035011-a1fe-405f-8da2-e513597858cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26283", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5350", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26283\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  248416.\n\ud83d\udccf Published: 2023-03-22T21:35:07.785Z\n\ud83d\udccf Modified: 2025-02-25T19:10:14.350Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6964836\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/248416", "creation_timestamp": "2025-02-25T19:23:39.000000Z"}, {"uuid": "ff9c9540-b360-4b60-987f-f11f5bb1cc0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26288", "type": "seen", "source": "https://t.me/cvedetector/2055", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26288 - IBM Aspera Orchestrator Session Impersonation vulnerable\", \n  \"Content\": \"CVE ID : CVE-2023-26288 \nPublished : July 30, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  248477. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T19:55:47.000000Z"}, {"uuid": "f77450ed-aa6b-4b2e-8d2e-1aa77343eed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26289", "type": "seen", "source": "https://t.me/cvedetector/2054", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26289 - IBM Aspera Orchestrator Cross-Site Scripting (XSS) via HOST Header Injection\", \n  \"Content\": \"CVE ID : CVE-2023-26289 \nPublished : July 30, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  IBM X-Force ID:  248478. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T19:55:46.000000Z"}, {"uuid": "6d0e5ba4-09d7-4fc4-82f8-e8e9512fb0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26282", "type": "seen", "source": "https://t.me/ctinow/200712", "content": "https://ift.tt/lDuHkTO\nCVE-2023-26282", "creation_timestamp": "2024-03-05T21:26:44.000000Z"}, {"uuid": "5c24878a-0375-49a3-a0b5-e56b46a8634b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26286", "type": "seen", "source": "https://t.me/cibsecurity/62891", "content": "\u203c CVE-2023-26286 \u203c\n\nIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T16:25:47.000000Z"}]}