{"vulnerability": "cve-2023-4498", "sightings": [{"uuid": "4327e640-c5fa-4e63-9258-e325f6d590aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44988", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113758678589631396", "content": "", "creation_timestamp": "2025-01-02T12:08:01.232706Z"}, {"uuid": "2b69b2a8-d0b5-4fc3-a262-cafbd014e8f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44988", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2j6yt6a25", "content": "", "creation_timestamp": "2025-01-02T12:15:31.823774Z"}, {"uuid": "f57757f3-49b7-4507-8853-678723a06ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44987", "type": "seen", "source": "https://t.me/cibsecurity/72312", "content": "\u203c CVE-2023-44987 \u203c\n\nAuth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-16T16:31:44.000000Z"}, {"uuid": "a8780113-3a25-4f81-bb2c-b9804628a809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44982", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-44982.yaml", "content": "", "creation_timestamp": "2026-02-07T09:14:27.000000Z"}, {"uuid": "487fbc59-c439-4f98-9fe0-996c4d0febc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44982", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meetgdhvdl2i", "content": "", "creation_timestamp": "2026-02-08T21:02:54.994365Z"}, {"uuid": "adeea0d0-d37b-4d9a-9086-c7c03fbbff15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44988", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/210", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-44988\n\ud83d\udd39 Description: Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.\n\ud83d\udccf Published: 2025-01-02T11:59:46.731Z\n\ud83d\udccf Modified: 2025-01-06T20:31:13.579Z\n\ud83d\udd17 References:\n1. 
https://patchstack.com/database/wordpress/plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-32-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-06T20:48:06.000000Z"}, {"uuid": "940ab03b-2a22-4781-b2dc-30d29fe5d8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44981", "type": "seen", "source": "https://t.me/ctinow/180568", "content": "https://ift.tt/e3fuc9w\nCVE-2023-44981 | Oracle Communications Service Catalog and Design 7.4.2.8.0 PSR Designer authorization", "creation_timestamp": "2024-02-07T08:41:43.000000Z"}, {"uuid": "a1466394-56aa-4f2d-a143-bc3ddef8a566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4498", "type": "seen", "source": "https://t.me/cibsecurity/70017", "content": "\u203c CVE-2023-4498 \u203c\n\nTenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T20:17:47.000000Z"}, {"uuid": "ecfdff91-7836-48be-9d68-e89d11cf7ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44981", "type": "seen", "source": "https://t.me/ctinow/181158", "content": "https://ift.tt/L4sXpOw\nCVE-2023-44981 | Oracle Primavera Unifier up to 19.12.16/20.12.16/21.12.17/22.12.11 Document Manager information disclosure", "creation_timestamp": "2024-02-08T05:06:23.000000Z"}, {"uuid": "51089e82-d191-4468-beaf-76d04231b0ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44981", "type": "seen", "source": 
"https://t.me/ctinow/180732", "content": "https://ift.tt/7EiR80e\nCVE-2023-44981 | Oracle Communications Cloud Native Core Network Data Analytics Function Automated Test Suite authorization", "creation_timestamp": "2024-02-07T15:16:57.000000Z"}, {"uuid": "07e5ec24-e449-40f9-b986-228c582abdb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44983", "type": "seen", "source": "https://t.me/ctinow/167631", "content": "https://ift.tt/wXnbtFy\nCVE-2023-44983 | Aruba HiSpeed Cache Plugin up to 2.0.6 on WordPress information disclosure", "creation_timestamp": "2024-01-13T00:26:45.000000Z"}, {"uuid": "1d765132-3bbb-4f94-85c2-a8e917be3224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44982", "type": "seen", "source": "https://t.me/ctinow/167243", "content": "https://ift.tt/zoFOdJ9\nCVE-2023-44982 | Jordy Meow Perfect Images Plugin up to 6.4.5 on WordPress information disclosure", "creation_timestamp": "2024-01-12T13:46:37.000000Z"}, {"uuid": "bd9156fa-d8e6-4017-904b-292e3197f27e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44981", "type": "seen", "source": "https://t.me/cibsecurity/72093", "content": "\u203c CVE-2023-44981 \u203c\n\nAuthorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. 
The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T16:22:47.000000Z"}]}