{"vulnerability": "CVE-2023-3140", "sightings": [{"uuid": "ac44b189-5a6f-4f68-94a9-98375e311b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3140", "type": "seen", "source": "https://t.me/cibsecurity/65033", "content": "\u203c CVE-2023-3140 \u203c\n\nMissing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-07T14:35:01.000000Z"}, {"uuid": "f319e309-8182-4124-b817-9a55e1b5c735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3140", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/232", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3140\n\ud83d\udd39 Description: Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME\n Business Hub before 1.4.0 has left users vulnerable to click \njacking. Clickjacking is an attack that occurs when an attacker uses a \ntransparent iframe in a window to trick a user into clicking on an \nactionable item, such as a button or link, to another server in which \nthey have an identical webpage. 
The attacker essentially hijacks the \nuser activity intended for the original server and sends them to the \nother server.\n\ud83d\udccf Published: 2023-06-07T09:15:00.112Z\n\ud83d\udccf Modified: 2025-01-06T21:27:10.274Z\n\ud83d\udd17 References:\n1. https://www.knime.com/security/advisories#CVE-2023-3140", "creation_timestamp": "2025-01-06T21:35:36.000000Z"}, {"uuid": "e1836a73-365f-4141-b892-e7756ba95d9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-31409\n\ud83d\udd39 Description: \nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.\n\n\n\ud83d\udccf Published: 2023-05-15T10:55:57.836Z\n\ud83d\udccf Modified: 2025-01-23T17:32:30.188Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf\n3. 
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", "creation_timestamp": "2025-01-23T18:03:19.000000Z"}, {"uuid": "dc16a3eb-f3cc-4d26-8b30-e5254a310df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31408", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2784", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-31408\n\ud83d\udd39 Description: \nCleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks.\n\n\n\ud83d\udccf Published: 2023-05-15T10:55:39.301Z\n\ud83d\udccf Modified: 2025-01-23T17:33:18.976Z\n\ud83d\udd17 References:\n1. https://sick.com/psirt\n2. https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf\n3. 
https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", "creation_timestamp": "2025-01-23T18:03:18.000000Z"}, {"uuid": "1c6c2523-4780-4710-a9e5-7723a020266a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-3140", "type": "seen", "source": "https://www.knime.com/security/advisories#CVE-2026-4649", "content": "", "creation_timestamp": "2026-03-25T03:00:10.000000Z"}, {"uuid": "abfe43ad-54ea-466e-a47a-42308e5bddbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31408", "type": "seen", "source": "https://t.me/cibsecurity/64097", "content": "\u203c CVE-2023-31408 \u203c\n\nCleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via cross-site-scripting attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-15T14:29:43.000000Z"}, {"uuid": "7e638bc0-0e59-49b8-a4bb-2d91451490f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31409", "type": "seen", "source": "https://t.me/cibsecurity/64089", "content": "\u203c CVE-2023-31409 \u203c\n\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-15T14:29:32.000000Z"}, {"uuid": "c4eec927-a6f6-4494-97c6-1d3afeab565d", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31406", "type": "seen", "source": "https://t.me/cibsecurity/63566", "content": "\u203c CVE-2023-31406 \u203c\n\nDue to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T07:43:24.000000Z"}]}