{"vulnerability": "CVE-2022-3436", "sightings": [{"uuid": "e4c0139c-2aec-4236-8a64-d4b5ff12659c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34361", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34361\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nIBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.\n\n\n\ud83d\udccf Published: 2022-12-06T17:52:40.621Z\n\ud83d\udccf Modified: 2025-04-23T13:44:40.796Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6844763\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/230522", "creation_timestamp": "2025-04-23T14:05:17.000000Z"}, {"uuid": "2cfd6e1b-1e75-4aed-8cfa-2dc5d358498e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34362", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34362\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: \nIBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.\n\n\n\ud83d\udccf Published: 2023-02-08T18:30:03.902Z\n\ud83d\udccf Modified: 2025-03-24T20:49:37.610Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6890663\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/230523", "creation_timestamp": "2025-03-24T21:23:37.000000Z"}, {"uuid": "b1275745-afec-4f5e-914b-03495f8ef5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34361", "type": "seen", "source": "https://t.me/cibsecurity/54079", "content": "\u203c CVE-2022-34361 \u203c\n\nIBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T20:40:58.000000Z"}, {"uuid": "dadbdd43-3b1c-4315-aff7-ad5a313a7505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34362", "type": "seen", "source": "https://t.me/cibsecurity/57789", "content": "\u203c CVE-2022-34362 \u203c\n\nIBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:18.000000Z"}, {"uuid": "10cae901-66ce-46fc-8b9c-30a5da278396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34365", "type": "seen", "source": "https://t.me/cibsecurity/47866", "content": "\u203c CVE-2022-34365 \u203c\n\nWMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-10T20:26:05.000000Z"}, {"uuid": "f790afa9-9209-4fc1-b978-d2074154b3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34369", "type": "seen", "source": "https://t.me/cibsecurity/49260", "content": "\u203c CVE-2022-34369 \u203c\n\nDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T22:39:34.000000Z"}, {"uuid": "4ed198c1-7899-42c8-b2a2-0a4db0593351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34367", "type": "seen", "source": "https://t.me/cibsecurity/46739", "content": "\u203c CVE-2022-34367 \u203c\n\nDell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-21T07:13:03.000000Z"}, {"uuid": "13b90efc-6d4d-4b26-88f5-ff7940e1545c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34368", "type": "seen", "source": "https://t.me/cibsecurity/49066", "content": "\u203c CVE-2022-34368 \u203c\n\nDell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T00:35:56.000000Z"}]}