{"vulnerability": "CVE-2022-2344", "sightings": [{"uuid": "92341494-556f-4eb8-bd73-9116656850a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23447", "type": "seen", "source": "https://t.me/cibsecurity/66411", "content": "\u203c CVE-2022-23447 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:50.000000Z"}, {"uuid": "d39e06d2-ccee-4413-ba5b-93d29ffbe2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2344", "type": "seen", "source": "https://t.me/cibsecurity/45843", "content": "\u203c CVE-2022-2344 \u203c\n\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-08T22:18:48.000000Z"}, {"uuid": "216dd15f-38ea-4d92-93d6-14b7f68ec08f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23442", "type": "seen", "source": "https://t.me/cibsecurity/47488", "content": "\u203c CVE-2022-23442 \u203c\n\nAn improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via 
CLI commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T18:18:39.000000Z"}, {"uuid": "6278d2ea-69dc-43e8-99b4-4ab4cfd39a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23448", "type": "seen", "source": "https://t.me/cibsecurity/40597", "content": "\u203c CVE-2022-23448 \u203c\n\nA vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:17.000000Z"}, {"uuid": "3076253b-b178-4915-820f-e3b1b4a13d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23443", "type": "seen", "source": "https://t.me/cibsecurity/41947", "content": "\u203c CVE-2022-23443 \u203c\n\nAn improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T20:35:41.000000Z"}, {"uuid": "27dfa20b-b00f-4cd3-946d-bb78874eda86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23441", "type": "seen", "source": "https://t.me/cibsecurity/40225", "content": "\u203c CVE-2022-23441 \u203c\n\nA use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an 
unauthenticated attacker on the network to disguise as and forge messages from other collectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T12:35:34.000000Z"}, {"uuid": "e431012c-19f6-44b1-a469-56e634b6dd08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23446", "type": "seen", "source": "https://t.me/cibsecurity/40224", "content": "\u203c CVE-2022-23446 \u203c\n\nAn improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T12:30:07.000000Z"}]}