{"vulnerability": "CVE-2023-4572", "sightings": [{"uuid": "ff6c58dc-8018-4a1d-991b-17a813751170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/113513465135891182", "content": "", "creation_timestamp": "2024-11-20T04:47:00.701616Z"}, {"uuid": "b6fda4a1-a180-468d-adb4-8ddf975fa534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2813838", "content": "", "creation_timestamp": "2024-12-03T16:46:12.572279Z"}, {"uuid": "18f0d78b-6a58-4942-bcec-cfcbc98c28da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113589530243414084", "content": "", "creation_timestamp": "2024-12-03T15:11:22.701623Z"}, {"uuid": "c4a97d06-9493-4557-92fd-5c1a4a7cd2f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-12-12T15:10:02.000000Z"}, {"uuid": "821444ae-a568-4358-a3d5-379cfc8394ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45720", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13281", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45720\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Insufficient default configuration in HCL Leap\nallows anonymous access to directory information.\n\ud83d\udccf Published: 2025-04-24T16:25:16.979Z\n\ud83d\udccf Modified: 2025-04-24T16:25:16.979Z\n\ud83d\udd17 References:\n1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900", "creation_timestamp": "2025-04-24T17:06:31.000000Z"}, {"uuid": "b48e2ff5-8efa-4554-bcaf-c312f032b30b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:02.000000Z"}, {"uuid": "5ee306d0-4bcf-4d7f-8434-0f6e15232df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45721", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f57hfh2h", "content": "", "creation_timestamp": "2025-05-01T01:56:10.521541Z"}, {"uuid": "6018eeec-ef01-4877-a1d9-7fc03f5f3794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-45727", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d238f277-bf41-4e5a-b0ea-ca64341d173f", "content": "", "creation_timestamp": "2026-02-02T12:26:20.790295Z"}, {"uuid": "4645bf2a-99aa-49f3-bb42-1ddc770b4a88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45724", "type": "seen", "source": "https://t.me/cibsecurity/74269", "content": "\u203c\ufe0fCVE-2023-45724\u203c\ufe0f\n\nHCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:31:40.000000Z"}, {"uuid": "26a01886-b6b0-434b-9bc7-d769c921f2d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45724", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18761", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45724\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.\n\n\ud83d\udccf Published: 2024-01-03T02:53:23.847Z\n\ud83d\udccf Modified: 2025-06-18T15:27:27.226Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "creation_timestamp": "2025-06-18T15:42:52.000000Z"}, {"uuid": "1c64d9b4-b5ab-40e9-a61e-47c71071db12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45721", "type": "seen", "source": "https://t.me/cvedetector/24167", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-45721 - HCL Leap Unauthenticated Directory Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2023-45721 \nPublished : April 30, 2025, 10:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : Insufficient default configuration in HCL Leap  \nallows anonymous access to directory information. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T02:17:24.000000Z"}, {"uuid": "97712a31-765f-476a-8c3a-8905206f8e79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45721", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14185", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45721\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Insufficient default configuration in HCL Leap\nallows anonymous access to directory information.\n\ud83d\udccf Published: 2025-04-30T21:13:30.911Z\n\ud83d\udccf Modified: 2025-04-30T21:13:30.911Z\n\ud83d\udd17 References:\n1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722", "creation_timestamp": "2025-04-30T22:14:22.000000Z"}, {"uuid": "100d1774-828d-4914-8034-99523881ab02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45723", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45723\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. \u00a0Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.\n\n\ud83d\udccf Published: 2024-01-03T02:50:02.258Z\n\ud83d\udccf Modified: 2025-06-18T15:27:02.999Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", "creation_timestamp": "2025-06-18T15:42:53.000000Z"}, {"uuid": "a160a061-68c6-4688-966a-2ad0f2835aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45720", "type": "seen", "source": "https://t.me/cvedetector/23700", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-45720 - HCL Leap Directory Information Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2023-45720 \nPublished : April 24, 2025, 5:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Insufficient default configuration in HCL Leap  \nallows anonymous access to directory information. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T20:35:34.000000Z"}, {"uuid": "d668fb69-01b3-4edb-8973-9c6205002796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45723", "type": "seen", "source": "https://t.me/cibsecurity/74268", "content": "\u203c\ufe0fCVE-2023-45723\u203c\ufe0f\n\nHCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. \u00a0Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server. \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-05T12:18:52.000000Z"}, {"uuid": "58eb106f-984b-4439-a4dd-1fe6ada9f2d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45722", "type": "seen", "source": "https://t.me/cibsecurity/74267", "content": "\u203c\ufe0fCVE-2023-45722\u203c\ufe0f\n\nHCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. \u00a0The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:31:30.000000Z"}, {"uuid": "d40aa8e8-a35b-44ad-9d7c-e39ae7e9d666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45722", "type": "seen", "source": "https://t.me/ctinow/171808", "content": "https://ift.tt/4l6r0wk\nCVE-2023-45722 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 pathname traversal (KB0109608)", "creation_timestamp": "2024-01-23T09:56:20.000000Z"}, {"uuid": "da969ab5-d65e-40f6-a692-adc23d17a243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45724", "type": "seen", "source": "https://t.me/ctinow/171866", "content": "https://ift.tt/wNdR029\nCVE-2023-45724 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 improper authentication (KB0109608)", "creation_timestamp": "2024-01-23T11:27:00.000000Z"}, {"uuid": "3abfac3f-13f8-4508-926a-b48710372655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45723", "type": "seen", "source": "https://t.me/ctinow/171790", "content": "https://ift.tt/th4WonT\nCVE-2023-45723 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 Endpoint path traversal (KB0109608)", "creation_timestamp": "2024-01-23T09:21:36.000000Z"}, {"uuid": "7c23c6e4-0ded-4e4a-a53b-81bca5419cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45727", "type": "seen", "source": "https://t.me/cibsecurity/72502", "content": "\u203c CVE-2023-45727 \u203c\n\nProself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T14:33:44.000000Z"}, {"uuid": "ab1e8a27-bb1b-441c-9b41-ae6218c04908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45725", "type": "seen", "source": "https://t.me/ctinow/162848", "content": "https://ift.tt/ba0l4Oz\nCVE-2023-45725 | Apache CouchDB up to 3.3.2 Design Document improper authorization", "creation_timestamp": "2024-01-04T09:07:02.000000Z"}, {"uuid": "3d692840-ab0e-4f8a-b055-3574c65e40a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45724", "type": "seen", "source": "https://t.me/ctinow/162177", "content": "https://ift.tt/JGknZsO\nCVE-2023-45724", "creation_timestamp": "2024-01-03T04:26:59.000000Z"}, {"uuid": "8f6d5351-7eb4-4fc4-a73d-6fd91cc15950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45723", "type": "seen", "source": "https://t.me/ctinow/162176", "content": "https://ift.tt/vDwfWUA\nCVE-2023-45723", "creation_timestamp": "2024-01-03T04:26:58.000000Z"}, {"uuid": "3e14c338-cf3c-44b9-a4d4-faf3b71a11a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45722", "type": "seen", "source": "https://t.me/ctinow/162175", "content": "https://ift.tt/FNq4lyV\nCVE-2023-45722", "creation_timestamp": "2024-01-03T04:26:58.000000Z"}, {"uuid": "3eae72df-c330-401c-8462-2597841c9992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4572", "type": "seen", "source": "https://t.me/cibsecurity/69386", "content": "\u203c CVE-2023-4572 \u203c\n\nUse after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T00:17:39.000000Z"}]}