{"vulnerability": "CVE-2022-3870", "sightings": [{"uuid": "fc346f14-3dca-428a-926b-44cad9027d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38705", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38705\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: \nIBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.\n\n\n\ud83d\udccf Published: 2022-11-14T17:56:59.006Z\n\ud83d\udccf Modified: 2025-04-30T19:50:53.598Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6833216\n2. https://www.ibm.com/support/pages/node/6833218\n3. https://exchange.xforce.ibmcloud.com/vulnerabilities/234172", "creation_timestamp": "2025-04-30T20:14:41.000000Z"}, {"uuid": "88ac5c86-0910-4159-9b4f-1325e35bbf08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38700", "type": "seen", "source": "https://t.me/cibsecurity/49512", "content": "\u203c CVE-2022-38700 \u203c\n\nOpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. 
LAN attackers can bypass permission control and get control of camera service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T18:29:31.000000Z"}, {"uuid": "16f23656-9001-41ba-a510-7f098cf8aec6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38704", "type": "seen", "source": "https://t.me/cibsecurity/50397", "content": "\u203c CVE-2022-38704 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:19:57.000000Z"}, {"uuid": "b1917391-9551-4042-b9ea-e10f0de69e1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38707", "type": "seen", "source": "https://t.me/cibsecurity/63379", "content": "\u203c CVE-2022-38707 \u203c\n\nIBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T18:25:20.000000Z"}, {"uuid": "eb5454c5-66e6-47ec-b026-1af820d68607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3870", "type": "seen", "source": "https://t.me/cibsecurity/56407", "content": "\u203c CVE-2022-3870 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. 
GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:29:57.000000Z"}, {"uuid": "54cd2059-e3b3-4d46-8f04-2f5d60f8ded2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38708", "type": "seen", "source": "https://t.me/cibsecurity/54934", "content": "\u203c CVE-2022-38708 \u203c\n\nIBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T00:10:47.000000Z"}, {"uuid": "9c5f561c-0e7b-4560-898b-21c2844f2a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38701", "type": "seen", "source": "https://t.me/cibsecurity/49523", "content": "\u203c CVE-2022-38701 \u203c\n\nOpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. 
Local attackers can trigger a heap overflow and get network sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T18:29:43.000000Z"}, {"uuid": "b952e206-4e87-4f3b-b3ad-b2bcbf4df456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38703", "type": "seen", "source": "https://t.me/cibsecurity/50324", "content": "\u203c CVE-2022-38703 \u203c\n\nAuthenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:13:37.000000Z"}]}