{"vulnerability": "CVE-2022-3528", "sightings": [{"uuid": "5213a318-cb16-4acf-8fa2-fa5ec36f40dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35286", "type": "seen", "source": "https://t.me/cibsecurity/47000", "content": "\u203c CVE-2022-35286 \u203c\n\nIBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-26T18:35:04.000000Z"}, {"uuid": "5479e3ac-64a2-4966-a443-940083bae740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35282", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35282\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_0, Vector: CVSS:3.0/AV:A/S:U/UI:N/I:N/AC:L/PR:N/A:N/C:L/RC:C/RL:O/E:U)\n\ud83d\udd39 Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.\n\ud83d\udccf Published: 2022-09-28T15:55:14.406Z\n\ud83d\udccf Modified: 2025-05-20T20:33:22.362Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6824179\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/230809", "creation_timestamp": "2025-05-20T20:41:01.000000Z"}, {"uuid": "c98dacb2-cde5-433c-910f-28d8a9fbca9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35282", "type": "seen", "source": "https://t.me/ashaburroyah313/187", "content": "{(D)enial(OFF)ensive(S)ervice[ToolKit]}-{by_(io=psy+/03c8.net)}\n\n===========================================================================\n\n[AI] Abducting target to extract interesting information... Be patient!\n\n======================\n\n -Target URL: https://hy.health.gov.il\n\n -IP    : 62.90.118.183\n -IPv6  : OFF\n -Port  : 443\n\n -Domain: hy.health.gov.il\n\n---------\n\nTrying single visit broadband test (using GET)...\n\n -Bytes in : 58.7 KB\n -Load time: 6.04 seconds\n\n---------\n\nDetermining webserver fingerprint (note that this value can be a fake)...\n\n -Banner: Microsoft-IIS/8.5\n -V\u00eda   : NOT found!\n\n---------\n\nSearching for extra Anti-DDoS protections...\n\n -WAF/IDS: FIREWALL NOT PRESENT (or not discovered yet)! ;-)\n\n---------\n\nSearching at CVE (https://cve.mitre.org) for vulnerabilities...\n\n -Last Reports:\n\n        + CVE-2022-35282 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35282\n\n        + CVE-2022-34336 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34336\n\n        + CVE-2022-34165 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34165\n\n        + CVE-2022-22670 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22670\n\n        + CVE-2022-22666 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22666\n\n        + CVE-2022-22654 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22654\n\n        + CVE-2022-22640 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22640\n\n        + CVE-2022-22638 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22638\n\n        + CVE-2022-22637 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22637\n\n        + CVE-2022-22633 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22633\n\n---------\n\n[Info] [AI] Abduction finished! -> [OK!]", "creation_timestamp": "2022-10-01T14:47:50.000000Z"}, {"uuid": "f1e4a18e-b6c3-4e54-83f3-963d84ecc6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35289", "type": "seen", "source": "https://t.me/cibsecurity/51091", "content": "\u203c CVE-2022-35289 \u203c\n\nA write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T07:25:24.000000Z"}, {"uuid": "f93fe276-c6e2-4438-8609-744902a475c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35280", "type": "seen", "source": "https://t.me/cibsecurity/47878", "content": "\u203c CVE-2022-35280 \u203c\n\nIBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-10T20:26:21.000000Z"}, {"uuid": "4e37fe79-0911-4aa5-ab21-0a3edd82d63c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3528", "type": "seen", "source": "https://t.me/cibsecurity/51536", "content": "\u203c CVE-2022-3528 \u203c\n\nA vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-16T22:42:16.000000Z"}, {"uuid": "54dd85ba-dc75-402b-ba41-7aa63a25cbec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35282", "type": "seen", "source": "https://t.me/cibsecurity/50608", "content": "\u203c CVE-2022-35282 \u203c\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T20:34:21.000000Z"}, {"uuid": "b2ccbf78-9b86-4d56-b090-1b5b7f5afc77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35285", "type": "seen", "source": "https://t.me/cibsecurity/46951", "content": "\u203c CVE-2022-35285 \u203c\n\nIBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:19.000000Z"}, {"uuid": "12b22951-09cd-4668-bd01-a3f4a7519fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35284", "type": "seen", "source": "https://t.me/cibsecurity/46946", "content": "\u203c CVE-2022-35284 \u203c\n\nIBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:15.000000Z"}, {"uuid": "3aee61ea-c8c0-421c-9ee5-076cd11291d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35288", "type": "seen", "source": "https://t.me/cibsecurity/46945", "content": "\u203c CVE-2022-35288 \u203c\n\nIBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:13.000000Z"}, {"uuid": "fea61cdd-b4f1-4cdb-b01d-30f65a29e109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35283", "type": "seen", "source": "https://t.me/cibsecurity/46264", "content": "\u203c CVE-2022-35283 \u203c\n\nIBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:53.000000Z"}, {"uuid": "dd9b91a5-0273-4718-955f-1930268effc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35287", "type": "seen", "source": "https://t.me/cibsecurity/46961", "content": "\u203c CVE-2022-35287 \u203c\n\nIBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T22:33:33.000000Z"}]}