{"vulnerability": "cve-2023-3234", "sightings": [{"uuid": "4a75a9b1-6060-498c-bd89-d7136e478fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32340", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgew5gvm4j2n", "content": "", "creation_timestamp": "2025-01-23T03:15:49.039284Z"}, {"uuid": "0b639d4b-d0ba-443c-a2fe-fa09c16de72e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32340", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgexahe4yh2i", "content": "", "creation_timestamp": "2025-01-23T03:35:23.965981Z"}, {"uuid": "999c69e8-398e-471f-af9a-a76465c35d8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32340", "type": "seen", "source": "https://t.me/cvedetector/16156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-32340 - IBM Sterling B2B Integrator XSS\", \n  \"Content\": \"CVE ID : CVE-2023-32340 \nPublished : Jan. 23, 2025, 3:15 a.m. | 39\u00a0minutes ago \nDescription : IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T04:56:33.000000Z"}, {"uuid": "0aae9d1d-a3d1-4737-b0c1-2e9b0480293b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32340", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32340\n\ud83d\udd39 Description: IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\ud83d\udccf Published: 2025-01-23T02:37:33.010Z\n\ud83d\udccf Modified: 2025-01-23T02:37:33.010Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7176082", "creation_timestamp": "2025-01-23T03:02:49.000000Z"}, {"uuid": "1751d212-8e67-4fcc-966f-c25b8674e035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32349", "type": "seen", "source": "https://t.me/cibsecurity/64557", "content": "\u203c CVE-2023-32349 \u203c\n\nVersions 00.07.00 through 00.07.03.4 of Teltonika\u00e2\u20ac\u2122s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T20:25:59.000000Z"}, {"uuid": "f07e0bb1-8ebc-40a0-9291-5700ad48670b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32341", "type": "seen", "source": "https://t.me/ctinow/181762", "content": "https://ift.tt/5TKDZIB\nCVE-2023-32341", "creation_timestamp": "2024-02-09T02:26:17.000000Z"}, {"uuid": "db060f41-8820-43ad-9bef-711560e935c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32346", "type": "seen", "source": "https://t.me/cibsecurity/64534", "content": "\u203c CVE-2023-32346 \u203c\n\nTeltonika\u00e2\u20ac\u2122s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T18:24:38.000000Z"}, {"uuid": "67d2b76f-665a-47d7-a673-f6c90345768f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32348", "type": "seen", "source": "https://t.me/cibsecurity/64549", "content": "\u203c CVE-2023-32348 \u203c\n\nTeltonika\u00e2\u20ac\u2122s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T20:25:39.000000Z"}, {"uuid": "8d5203d7-90ce-4c63-ab36-f237aa226fc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32347", "type": "seen", "source": "https://t.me/cibsecurity/64535", "content": "\u203c CVE-2023-32347 \u203c\n\nTeltonika\u00e2\u20ac\u2122s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T18:24:39.000000Z"}]}