{"vulnerability": "CVE-2023-2727", "sightings": [{"uuid": "725ae158-4740-4416-af72-475e744375ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27272", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmsmvunge52r", "content": "", "creation_timestamp": "2025-04-14T22:38:59.995016Z"}, {"uuid": "d4ea4d1a-5e92-45ff-a331-bffa869b1547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2727", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4330", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2727\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\ud83d\udccf Published: 2023-07-03T21:30:57Z\n\ud83d\udccf Modified: 2025-02-13T19:00:59Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-2727\n2. https://github.com/kubernetes/kubernetes/issues/118640\n3. https://github.com/kubernetes/kubernetes/pull/118356\n4. https://github.com/kubernetes/kubernetes/pull/118471\n5. https://github.com/kubernetes/kubernetes/pull/118473\n6. https://github.com/kubernetes/kubernetes/pull/118474\n7. https://github.com/kubernetes/kubernetes/pull/118512\n8. https://github.com/kubernetes/kubernetes\n9. https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8\n10. https://security.netapp.com/advisory/ntap-20230803-0004\n11. http://www.openwall.com/lists/oss-security/2023/07/06/2", "creation_timestamp": "2025-02-13T19:21:04.000000Z"}, {"uuid": "f7d265a6-c022-46c5-90b9-24f302cff2a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27271", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5740", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27271\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: In\u00a0SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.\n\n\n\ud83d\udccf Published: 2023-03-14T05:01:07.144Z\n\ud83d\udccf Modified: 2025-02-27T18:05:13.758Z\n\ud83d\udd17 References:\n1. https://launchpad.support.sap.com/#/notes/3287120\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T18:26:58.000000Z"}, {"uuid": "b51b1f14-9497-41a8-bdac-e63c9f02c9d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27270", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5697", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27270\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n\n\ud83d\udccf Published: 2023-03-14T04:58:44.671Z\n\ud83d\udccf Modified: 2025-02-27T15:02:08.114Z\n\ud83d\udd17 References:\n1. https://launchpad.support.sap.com/#/notes/3296328\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T15:29:45.000000Z"}, {"uuid": "61d1434f-74e0-427a-81ae-b01930394691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27272", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11701", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27272\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: IBM Aspera Console 3.4.0 through 3.4.4\u00a0allows passwords to be reused when a new user logs into the system.\n\ud83d\udccf Published: 2025-04-14T20:38:20.988Z\n\ud83d\udccf Modified: 2025-04-14T20:38:20.988Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7169766", "creation_timestamp": "2025-04-14T20:54:37.000000Z"}, {"uuid": "9193b4f2-11b0-4065-9aa5-c0d120336a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27272", "type": "seen", "source": "https://t.me/cvedetector/22893", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-27272 - IBM Aspera Console Password Reuse Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-27272 \nPublished : April 14, 2025, 9:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : IBM Aspera Console 3.4.0 through 3.4.4\u00a0allows passwords to be reused when a new user logs into the system. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T01:32:48.000000Z"}, {"uuid": "b8f326db-10df-4801-ab78-3ec9e7980ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2727", "type": "seen", "source": "https://t.me/cibsecurity/65888", "content": "\u203c CVE-2023-2727 \u203c\n\nUsers may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-04T00:22:58.000000Z"}, {"uuid": "1d50ca79-aedf-4531-a09c-02fce720ad00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27270", "type": "seen", "source": "https://t.me/cibsecurity/59956", "content": "\u203c CVE-2023-27270 \u203c\n\nSAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T12:54:15.000000Z"}]}