{"vulnerability": "CVE-2020-2902", "sightings": [{"uuid": "bc2f87ad-7cd5-4cc6-b824-8f4838578636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2902", "type": "seen", "source": "https://t.me/arpsyndicate/721", "content": "#ExploitObserverAlert\n\nCVE-2020-2902\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2020-2902. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 6.0\nNVD-ES: 2.0", "creation_timestamp": "2023-11-29T11:01:08.000000Z"}, {"uuid": "0969cdd6-5ce3-4bc0-b030-48e2c3ebd49f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29028", "type": "seen", "source": "https://t.me/arpsyndicate/1825", "content": "#ExploitObserverAlert\n\nCVE-2020-29028\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-29028. Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.\n\nFIRST-EPSS: 0.000780000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2023-12-16T13:48:25.000000Z"}, {"uuid": "df172ff4-99cd-4581-b00e-0a81d20fa710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29026", "type": "seen", "source": "https://t.me/cibsecurity/23601", "content": "\u203c CVE-2020-29026 \u203c\n\nA directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-15T18:46:46.000000Z"}, {"uuid": "f934877f-d988-43b7-8b25-06ffe0cda023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29025", "type": "seen", "source": "https://t.me/cibsecurity/23647", "content": "\u203c CVE-2020-29025 \u203c\n\nA vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:48:06.000000Z"}, {"uuid": "27514f05-52bc-49f9-a02f-5d9a3314b376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29024", "type": "seen", "source": "https://t.me/cibsecurity/23646", "content": "\u203c CVE-2020-29024 \u203c\n\nSensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:48:05.000000Z"}, {"uuid": "dcea011a-7e39-40b3-b157-79b483398783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29027", "type": "seen", "source": "https://t.me/cibsecurity/23643", "content": "\u203c CVE-2020-29027 \u203c\n\nCross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:47:59.000000Z"}, {"uuid": "00d3c29f-8e31-4734-af61-839c0bdf8d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29022", "type": "seen", "source": "https://t.me/cibsecurity/23654", "content": "\u203c CVE-2020-29022 \u203c\n\nFailure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:48:15.000000Z"}, {"uuid": "c8c7a73e-3b1e-400f-858f-df0e93e5fd24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29023", "type": "seen", "source": "https://t.me/cibsecurity/23641", "content": "\u203c CVE-2020-29023 \u203c\n\nImproper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:47:58.000000Z"}, {"uuid": "03647f4c-1d77-4625-931b-b194a7d8abf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29021", "type": "seen", "source": "https://t.me/cibsecurity/23284", "content": "\u203c CVE-2020-29021 \u203c\n\nA vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T02:39:45.000000Z"}]}