{"vulnerability": "CVE-2023-3447", "sightings": [{"uuid": "1a519f8d-cd34-4d80-87e1-e9d06b0dc944", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34478", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcbpffyy2b", "content": "", "creation_timestamp": "2025-08-18T21:02:48.556948Z"}, {"uuid": "f3624ff8-76d5-4e89-84a4-c89ddd42be98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3447", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mizzm5wvik2v", "content": "", "creation_timestamp": "2026-04-09T05:00:14.032885Z"}, {"uuid": "e11e3db1-a821-49e8-99f7-9ba02161b787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34473", "type": "seen", "source": "https://t.me/cibsecurity/66005", "content": "\u203c CVE-2023-34473 \u203c\n\nAMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. 
A successful exploit of this vulnerability\u00a0may lead to a loss of confidentiality, integrity, and availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-05T22:22:10.000000Z"}, {"uuid": "f561abce-f62d-4031-bfd1-d9dcc22ad8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34478", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4326", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34478\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.\n\nMitigation:\u00a0Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+\n\ud83d\udccf Published: 2023-07-24T21:30:39Z\n\ud83d\udccf Modified: 2025-02-13T19:01:43Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34478\n2. https://github.com/apache/shiro/commit/c3ede3f94efb442acb0795714a022c2c121d1da0\n3. https://github.com/apache/shiro\n4. https://lists.apache.org/thread/mbv26onkgw9o35rldh7vmq11wpv2t2qk\n5. https://security.netapp.com/advisory/ntap-20230915-0005\n6. http://www.openwall.com/lists/oss-security/2023/07/24/4", "creation_timestamp": "2025-02-13T19:20:10.000000Z"}, {"uuid": "d20c3a88-468e-4935-a3b5-74d4740ce0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34470", "type": "seen", "source": "https://t.me/cibsecurity/70311", "content": "\u203c CVE-2023-34470 \u203c\n\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. 
A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-12T20:23:19.000000Z"}, {"uuid": "295ecce7-8524-4ad2-bd5f-0b3b194218b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34477", "type": "seen", "source": "https://t.me/cibsecurity/67898", "content": "\u203c CVE-2023-34477 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:33.000000Z"}, {"uuid": "c5508ee6-a144-4183-90a6-3a4f0cff6476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34476", "type": "seen", "source": "https://t.me/cibsecurity/67896", "content": "\u203c CVE-2023-34476 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T20:18:28.000000Z"}, {"uuid": "9eccdf81-8a80-4d78-a314-70caf0a85c76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34472", "type": "seen", "source": "https://t.me/cibsecurity/66007", "content": "\u203c CVE-2023-34472 \u203c\n\nAMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. 
A successful exploit of this vulnerability may lead to a loss of integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-05T22:22:15.000000Z"}, {"uuid": "a8462924-e538-48f3-9681-81e0b3fec95c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34471", "type": "seen", "source": "https://t.me/cibsecurity/65997", "content": "\u203c CVE-2023-34471 \u203c\n\nAMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-05T22:22:02.000000Z"}, {"uuid": "791cc51d-db65-4011-9d3c-1ea61cb0efcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3447", "type": "seen", "source": "https://t.me/cibsecurity/65708", "content": "\u203c CVE-2023-3447 \u203c\n\nThe Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. 
This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T12:14:00.000000Z"}, {"uuid": "64fd32e4-6492-4cf8-8aae-d607d0c33f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34478", "type": "seen", "source": "https://t.me/cibsecurity/67180", "content": "\u203c CVE-2023-34478 \u203c\n\nApache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation:\u00a0Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-24T22:26:15.000000Z"}]}