{"vulnerability": "CVE-2023-4420", "sightings": [{"uuid": "387185a6-8560-4f2f-b53b-5f82874b80a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44208", "type": "seen", "source": "https://t.me/cibsecurity/71563", "content": "\u203c CVE-2023-44208 \u203c\n\nSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T16:11:52.000000Z"}, {"uuid": "11564c61-a0e9-46d4-96ff-eb166ab4dfd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44209", "type": "seen", "source": "https://t.me/cibsecurity/71644", "content": "\u203c CVE-2023-44209 \u203c\n\nLocal privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-05T00:13:39.000000Z"}, {"uuid": "99f335ce-b45a-4af5-af76-1a1888fe6345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44207", "type": "seen", "source": "https://t.me/cibsecurity/71114", "content": "\u203c CVE-2023-44207 \u203c\n\nStored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T18:48:54.000000Z"}, {"uuid": "030c784f-b4f9-43fd-b56e-da4e18654dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4420", "type": "seen", "source": "https://t.me/cibsecurity/69135", "content": "\u203c CVE-2023-4420 \u203c\n\nA remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-24T22:13:28.000000Z"}]}