{"vulnerability": "CVE-2020-1424", "sightings": [{"uuid": "94848c9a-0fac-437b-a92c-1bb552ae459c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14247", "type": "seen", "source": "https://t.me/cibsecurity/23058", "content": "\u203c CVE-2020-14247 \u203c\n\nHCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-04T12:34:14.000000Z"}, {"uuid": "f6211eee-f149-49e2-bb6e-d6ea636a6745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14246", "type": "seen", "source": "https://t.me/cibsecurity/23051", "content": "\u203c CVE-2020-14246 \u203c\n\nHCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-04T12:34:08.000000Z"}, {"uuid": "f3523703-00fe-4f86-b4e9-938b26a4b98f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14245", "type": "seen", "source": "https://t.me/cibsecurity/23050", "content": "\u203c CVE-2020-14245 \u203c\n\nHCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-04T12:34:07.000000Z"}, {"uuid": "3c21e2ec-4a05-4ea1-a62e-e4582f6ca306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14244", "type": "seen", "source": "https://t.me/cibsecurity/20741", "content": "\u203c CVE-2020-14244 \u203c\n\nA vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-14T18:39:04.000000Z"}, {"uuid": "aa5714db-d02d-4d92-bb7b-07f176760848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14240", "type": "seen", "source": "https://t.me/cibsecurity/15874", "content": "\u203c CVE-2020-14240 \u203c\n\nHCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-05T20:49:22.000000Z"}, {"uuid": "57aab342-27b7-46ea-b630-13873cd26a93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14248", "type": "seen", "source": "https://t.me/cibsecurity/20931", "content": "\u203c CVE-2020-14248 \u203c\n\nBigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-16T18:41:47.000000Z"}]}