{"vulnerability": "CVE-2022-2961", "sightings": [{"uuid": "a5e91518-87bb-41cc-b646-496838f1cef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-2961", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "bf69669e-c498-4eda-8f34-eff2cb7b2d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2961", "type": "seen", "source": "https://t.me/cibsecurity/48971", "content": "\u203c CVE-2022-2961 \u203c\n\nA use-after-free flaw was found in the Linux kernel\u00e2\u20ac\u2122s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T18:34:17.000000Z"}, {"uuid": "67889d60-a5af-435b-9eb2-de924f2bcead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29614", "type": "seen", "source": "https://t.me/cibsecurity/44446", "content": "\u203c CVE-2022-29614 \u203c\n\nSAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T22:19:17.000000Z"}, {"uuid": "2be9870e-8110-4520-aebd-aff4503e197e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29617", "type": "seen", "source": "https://t.me/cibsecurity/43895", "content": "\u203c CVE-2022-29617 \u203c\n\nDue to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T00:30:24.000000Z"}, {"uuid": "97896d90-6b14-4a3c-b165-64d801926853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29615", "type": "seen", "source": "https://t.me/cibsecurity/44448", "content": "\u203c CVE-2022-29615 \u203c\n\nSAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T22:19:19.000000Z"}, {"uuid": "5cb586dd-9c3f-44dd-aa56-12e2355d6ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29618", "type": "seen", "source": "https://t.me/cibsecurity/44437", "content": "\u203c CVE-2022-29618 \u203c\n\nDue to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user\u00e2\u20ac\u2122s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T22:19:05.000000Z"}, {"uuid": "363af2dc-d384-41b2-916b-b3a8a7bd1087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29616", "type": "seen", "source": "https://t.me/cibsecurity/42389", "content": "\u203c CVE-2022-29616 \u203c\n\nSAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T20:34:38.000000Z"}, {"uuid": "c0a3f6b7-dedb-4768-a060-f15a93f59726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29613", "type": "seen", "source": "https://t.me/cibsecurity/42373", "content": "\u203c CVE-2022-29613 \u203c\n\nDue to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:51.000000Z"}, {"uuid": "13810c88-cfd4-4f9f-af38-722a8b67ef83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29611", "type": "seen", "source": "https://t.me/cibsecurity/42367", "content": "\u203c CVE-2022-29611 \u203c\n\nSAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:43.000000Z"}, {"uuid": "a21f5273-1a78-4abf-bbb7-6c1f2e7a0fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29610", "type": "seen", "source": "https://t.me/cibsecurity/42362", "content": "\u203c CVE-2022-29610 \u203c\n\nSAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:38.000000Z"}]}