{"vulnerability": "CVE-2022-2370", "sightings": [{"uuid": "7dacb6de-3f3d-4536-8088-87edce4bd306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23700", "type": "seen", "source": "https://t.me/cibsecurity/40127", "content": "\u203c CVE-2022-23700 \u203c\n\nA local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-05T00:28:07.000000Z"}, {"uuid": "6989f16f-066a-4ef8-aebf-4c1a7307fcf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23704", "type": "seen", "source": "https://t.me/cibsecurity/42219", "content": "\u203c CVE-2022-23704 \u203c\n\nA potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. 
The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-10T00:33:15.000000Z"}, {"uuid": "0f88cabe-8e2e-493f-8d47-0269982c11b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23700", "type": "seen", "source": "https://t.me/cKure/9325", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 HPE fixed two vulnerabilities in OneView found by 'PT Swarm' researcher Nikita Abramov.\n\n1\ufe0f\u20e3 CVE-2022-23699 - Authentication Restriction Bypass\n2\ufe0f\u20e3 CVE-2022-23700 - Unauthorized Read Access to Files\n\nhttps://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04252en_us", "creation_timestamp": "2022-04-11T13:12:18.000000Z"}, {"uuid": "5b095974-b77f-4189-bfcc-4218b6b79c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23700", "type": "seen", "source": "https://t.me/ptswarm/120", "content": "HPE fixed two vulnerabilities in OneView found by our researcher Nikita Abramov.\n\n1\ufe0f\u20e3 CVE-2022-23699 - Authentication Restriction Bypass\n2\ufe0f\u20e3 CVE-2022-23700 - Unauthorized Read Access to Files\n\nFind out more \u27a1\ufe0f https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04252en_us", "creation_timestamp": "2022-04-11T13:42:01.000000Z"}, {"uuid": "91781e57-1a6e-4fe8-b7d4-5ad88e26ac04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23705", "type": "seen", "source": "https://t.me/cibsecurity/42218", "content": "\u203c CVE-2022-23705 \u203c\n\nA security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage 
Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-10T00:33:14.000000Z"}, {"uuid": "fcfce7ae-ce62-4f72-8309-4e8ac3308980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23708", "type": "seen", "source": "https://t.me/cibsecurity/38403", "content": "\u203c CVE-2022-23708 \u203c\n\nA flaw was discovered in Elasticsearch 7.17.0\u2019s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with \u201c*\u201d index permissions access to this index.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T01:13:03.000000Z"}, {"uuid": "fdac068d-175c-4950-b5b0-f43a5498449b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23709", "type": "seen", "source": "https://t.me/cibsecurity/38387", "content": "\u203c CVE-2022-23709 \u203c\n\nA flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. 
This effectively means that Read users could disable existing alerting rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T00:26:24.000000Z"}, {"uuid": "3a4f5072-9d19-43cc-bf55-7d07c96c1511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23701", "type": "seen", "source": "https://t.me/cibsecurity/38062", "content": "\u203c CVE-2022-23701 \u203c\n\nA potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T00:20:05.000000Z"}]}