{"vulnerability": "CVE-2023-3741", "sightings": [{"uuid": "6ad802de-8469-4311-9cac-c9f0fbb3c50f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37413", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113912641522577917", "content": "", "creation_timestamp": "2025-01-29T16:42:49.137864Z"}, {"uuid": "013bbd9c-bf37-4f44-ba06-73560e62347f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37412", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113912641506655123", "content": "", "creation_timestamp": "2025-01-29T16:42:48.927746Z"}, {"uuid": "ce2cd61f-ee50-479b-8aa0-1caf1d7e5db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37412", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgvhuynxbi2c", "content": "", "creation_timestamp": "2025-01-29T17:15:48.764830Z"}, {"uuid": "a639a2e1-f1a3-4ed8-9bb8-a3a4a89b3cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37413", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgvhv3dkl62j", "content": "", "creation_timestamp": "2025-01-29T17:15:51.430597Z"}, {"uuid": "0dcf7f63-efe9-4f2e-8025-9d7a47073b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37415", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37415\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\ud83d\udccf Published: 2023-07-13T09:30:28Z\n\ud83d\udccf Modified: 2025-02-13T19:00:55Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37415\n2. https://github.com/apache/airflow\n3. https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k\n4. http://www.openwall.com/lists/oss-security/2023/07/12/3", "creation_timestamp": "2025-02-13T19:21:09.000000Z"}, {"uuid": "bf728bf4-3b66-4e1f-a8fc-bd188f076f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37412", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgvojthjhp2w", "content": "", "creation_timestamp": "2025-01-29T19:14:53.347608Z"}, {"uuid": "9797535e-3d1b-432b-ab80-5fde7c75b40e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37413", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgvoju3kt72k", "content": "", "creation_timestamp": "2025-01-29T19:14:57.039459Z"}, {"uuid": "9773192a-a643-4849-bbb6-1bc48d32ec61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37413", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3387", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37413\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.\n\ud83d\udccf Published: 2025-01-29T18:31:22Z\n\ud83d\udccf Modified: 2025-01-29T18:31:22Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37413\n2. https://www.ibm.com/support/pages/node/7181814", "creation_timestamp": "2025-01-29T19:11:23.000000Z"}, {"uuid": "468fdcc0-bba9-44dc-bc6c-7018883ab2ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37412", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3385", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37412\n\ud83d\udd25 CVSS Score: 4.3 (CVSS_V3)\n\ud83d\udd39 Description: IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.\n\ud83d\udccf Published: 2025-01-29T18:31:22Z\n\ud83d\udccf Modified: 2025-01-29T18:31:22Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37412\n2. https://www.ibm.com/support/pages/node/7181814", "creation_timestamp": "2025-01-29T19:11:21.000000Z"}, {"uuid": "14e407c6-9b27-4365-abc4-a46390167b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3741", "type": "seen", "source": "https://t.me/ctinow/157040", "content": "https://ift.tt/VydLPca\nCVE-2023-3741 | NEC DT900/DT900S os command injection", "creation_timestamp": "2023-12-20T14:46:32.000000Z"}, {"uuid": "a1585894-4667-4c14-b3f2-ff954c41f18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37412", "type": "seen", "source": "https://t.me/cvedetector/16693", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-37412 - \"IBM Aspera Faspex Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2023-37412 \nPublished : Jan. 29, 2025, 5:15 p.m. | 59\u00a0minutes ago \nDescription : IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-29T19:52:04.000000Z"}, {"uuid": "d639ea2d-1ab4-4ee9-a829-9324f241200d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37413", "type": "seen", "source": "https://t.me/cvedetector/16694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-37413 - IBM Aspera Faspex Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-37413 \nPublished : Jan. 29, 2025, 5:15 p.m. | 59\u00a0minutes ago \nDescription : IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-29T19:52:08.000000Z"}, {"uuid": "543366e2-330b-42eb-a638-b65d8f9b2af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37410", "type": "seen", "source": "https://t.me/cibsecurity/70839", "content": "\u203c CVE-2023-37410 \u203c\n\nIBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T00:30:25.000000Z"}]}