{"vulnerability": "CVE-2023-3943", "sightings": [{"uuid": "8810387c-38a8-492e-8cb4-7e317d6e865f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3943", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/441", "content": "QR code SQL injection and other vulnerabilities in a popular biometric terminal (CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943)\nhttps://securelist.com/biometric-terminal-vulnerabilities/112800/", "creation_timestamp": "2024-06-12T18:41:36.000000Z"}, {"uuid": "127885a0-78c2-42ef-ab86-77b17297b4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3943", "type": "published-proof-of-concept", "source": "https://t.me/BlackHat0Hackers/52", "content": "QR code SQL injection and other vulnerabilities in a popular biometric terminal (CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943)\nhttps://securelist.com/biometric-terminal-vulnerabilities/112800/", "creation_timestamp": "2024-06-12T15:10:04.000000Z"}, {"uuid": "cdd42646-ed1e-4bd9-a68f-e05f6698398c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5797", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-39439\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\ud83d\udccf Published: 2023-08-08T00:49:01.594Z\n\ud83d\udccf Modified: 
2025-02-27T21:10:56.748Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3346500\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T21:26:01.000000Z"}, {"uuid": "8d2f8c61-65bf-4735-8167-68ee85514d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39434", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-39434\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.\n\ud83d\udccf Published: 2023-09-26T20:14:45.109Z\n\ud83d\udccf Modified: 2025-05-02T17:46:48.633Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213938\n2. https://support.apple.com/en-us/HT213940\n3. https://support.apple.com/en-us/HT213937\n4. http://www.openwall.com/lists/oss-security/2023/09/28/3\n5. http://seclists.org/fulldisclosure/2023/Oct/8\n6. http://seclists.org/fulldisclosure/2023/Oct/9\n7. http://seclists.org/fulldisclosure/2023/Oct/3\n8. https://security.gentoo.org/glsa/202401-33", "creation_timestamp": "2025-05-02T18:19:43.000000Z"}, {"uuid": "a6f92282-c5bf-4535-8b45-dfc194dda1dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/arpsyndicate/2414", "content": "#ExploitObserverAlert\n\nCVE-2023-39439\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. 
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\nFIRST-EPSS: 0.000910000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-04T03:02:23.000000Z"}, {"uuid": "1a480312-e75b-4742-a30f-63ca201ef79a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39431", "type": "seen", "source": "https://t.me/cibsecurity/72612", "content": "\u203c CVE-2023-39431 \u203c\n\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-19T22:34:55.000000Z"}, {"uuid": "b24d8475-b735-45dd-87d8-1775ad24a774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39432", "type": "seen", "source": "https://t.me/ctinow/201394", "content": "https://ift.tt/LaPMB9c\nCVE-2023-39432 | Intel Ethernet Tools and Driver Install Software prior 28.2 access control (intel-sa-00993)", "creation_timestamp": "2024-03-06T14:41:22.000000Z"}, {"uuid": "fb822131-7ff7-45fe-9cbe-3320179adb81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39437", "type": "seen", "source": "https://t.me/cibsecurity/67943", "content": "\u203c CVE-2023-39437 \u203c\n\nSAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. 
This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T07:14:01.000000Z"}, {"uuid": "b37fe8a7-0819-4965-9273-823341999f35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39438", "type": "seen", "source": "https://t.me/cibsecurity/68555", "content": "\u203c CVE-2023-39438 \u203c\n\nA missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. 
The stored access tokens for GitHub are not affected, as these are redacted from the API-responses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T20:30:53.000000Z"}, {"uuid": "96251774-05b9-4061-980b-d0fbad9518d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39432", "type": "seen", "source": "https://t.me/ctinow/184815", "content": "https://ift.tt/jyVEhQC\nCVE-2023-39432", "creation_timestamp": "2024-02-14T17:03:09.000000Z"}, {"uuid": "0e2dace5-724f-4c5e-9d2b-780ec0ab5a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39436", "type": "seen", "source": "https://t.me/cibsecurity/67941", "content": "\u203c CVE-2023-39436 \u203c\n\nSAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to\u00a0SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against\u00a0SRM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T07:13:56.000000Z"}, {"uuid": "cdc5cdd2-c8f6-466f-a111-5cc4ea469e80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3943", "type": "seen", "source": "https://t.me/androidMalware/2248", "content": "QR code SQL injection and other vulnerabilities in a popular biometric terminal (CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943)\nhttps://securelist.com/biometric-terminal-vulnerabilities/112800/", "creation_timestamp": "2024-07-17T13:08:30.000000Z"}, {"uuid": "64be0b0f-bafd-4ae1-9c71-0bdd737506bb", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/cibsecurity/67933", "content": "\u203c CVE-2023-39439 \u203c\n\nSAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T07:13:47.000000Z"}]}