{"vulnerability": "CVE-2020-3572", "sightings": [{"uuid": "49d349d5-8d2d-48b7-bc45-7d88a0abf290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "exploited", "source": "https://www.exploit-db.com/exploits/49474", "content": "", "creation_timestamp": "2021-01-25T00:00:00.000000Z"}, {"uuid": "fe1a35aa-8a28-4bd0-a105-ebec92ed820d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35728", "type": "seen", "source": "MISP/337e569a-66d0-4110-a75e-434df9e9581c", "content": "", "creation_timestamp": "2024-11-14T06:07:28.000000Z"}, {"uuid": "6c0d1681-5d1f-4006-ad76-ccae26926daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "exploited", "source": "https://www.exploit-db.com/exploits/49366", "content": "", "creation_timestamp": "2021-01-05T00:00:00.000000Z"}, {"uuid": "ee93b6f4-33c4-44e3-b4ee-5364a856e2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "7c54e929-1020-4e33-af62-5ac1688bfc83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"}, {"uuid": "57b65bf6-4e7a-41df-b35f-09b1411574b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35728", "type": "seen", "source": "https://t.me/arpsyndicate/190", "content": "#ExploitObserverAlert\n\nCVE-2020-35728\n\nDESCRIPTION: Exploit Observer has 16 entries related to CVE-2020-35728. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\n\nFIRST-EPSS: 0.006740000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-11-17T03:29:20.000000Z"}, {"uuid": "7030acb7-6de9-46ce-a76d-d3ce6d48a287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35726", "type": "seen", "source": "https://t.me/cibsecurity/21883", "content": "\u203c CVE-2020-35726 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:05.000000Z"}, {"uuid": "e875de7c-2af6-4c28-8944-cb55dbef8525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/klog_server_authenticate_user_unauth_command_injection.rb", "content": "", "creation_timestamp": "2021-02-12T17:48:56.000000Z"}, {"uuid": "ff8e0f12-0a71-460f-ade3-6fa3ee40726d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35722", "type": "seen", "source": "https://t.me/cibsecurity/21893", "content": "\u203c CVE-2020-35722 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:16.000000Z"}, {"uuid": "10a4d4ef-e81c-434e-b724-190e0a9e3ccf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35724", "type": "seen", "source": "https://t.me/cibsecurity/21891", "content": "\u203c CVE-2020-35724 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:14.000000Z"}, {"uuid": "547b6444-7ade-4682-97ff-53fca47aa7c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35721", "type": "seen", "source": "https://t.me/cibsecurity/21890", "content": "\u203c CVE-2020-35721 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:13.000000Z"}, {"uuid": "9ce0d3da-db06-4719-b331-697debaae508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35723", "type": "seen", "source": "https://t.me/cibsecurity/21886", "content": "\u203c CVE-2020-35723 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:09.000000Z"}, {"uuid": "2d96f3bb-c4ef-40ab-a61b-f8093d5beef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35720", "type": "seen", "source": "https://t.me/cibsecurity/21885", "content": "\u203c CVE-2020-35720 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:07.000000Z"}, {"uuid": "4412078c-eead-41d7-a827-3e6de342a700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35725", "type": "seen", "source": "https://t.me/cibsecurity/21884", "content": "\u203c CVE-2020-35725 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:06.000000Z"}, {"uuid": "25fcbb95-dfd9-4e41-857b-ca98169b025a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35727", "type": "seen", "source": "https://t.me/cibsecurity/21882", "content": "\u203c CVE-2020-35727 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:03.000000Z"}, {"uuid": "451d309c-bac7-4ae1-ab46-2a32abaae128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35729", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/541", "content": "CVE-2020-35729 Klog Server 2.4.1 \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35729_Klog_Server_2.4.1_%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-30T02:56:18.000000Z"}]}