{"vulnerability": "CVE-2022-3916", "sightings": [{"uuid": "054320d6-d931-442c-96ba-0b12894b7c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39163", "type": "seen", "source": "https://t.me/cvedetector/21180", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-39163 - IBM Cognos Controller Client-Side Desync Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-39163 \nPublished : March 26, 2025, 2:15 p.m. | 28\u00a0minutes ago \nDescription : IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T16:23:55.000000Z"}, {"uuid": "ff66bc6c-6537-42b3-b51d-f42b4dea3659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39165", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11813", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39165\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service.  IBM X-Force ID:  235183.\n\ud83d\udccf Published: 2022-12-23T18:48:01.722Z\n\ud83d\udccf Modified: 2025-04-15T13:47:17.247Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6847947\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/235183", "creation_timestamp": "2025-04-15T13:54:36.000000Z"}, {"uuid": "27ac7889-6c75-4128-b1ad-043fe8424ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39160", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12210", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39160\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: \nIBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.\n\n\n\ud83d\udccf Published: 2022-12-19T20:57:35.505Z\n\ud83d\udccf Modified: 2025-04-17T13:54:03.000Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6841801\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/235064", "creation_timestamp": "2025-04-17T13:57:37.000000Z"}, {"uuid": "796ea0ee-4106-4d2e-9332-2a5b20367915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39161", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3ljidcvzk452r", "content": "", "creation_timestamp": "2025-03-03T16:05:06.303457Z"}, {"uuid": "c68b85b4-5cb1-4a9d-bde6-20e7fea287b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39161", "type": "seen", "source": "https://t.me/cibsecurity/63250", "content": "\u203c CVE-2022-39161 \u203c\n\nIBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-04T00:32:12.000000Z"}, {"uuid": "aa61f04c-83f0-4c75-95bd-2d219d4cb2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39167", "type": "seen", "source": "https://t.me/cibsecurity/56722", "content": "\u203c CVE-2022-39167 \u203c\n\nIBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-19T20:22:10.000000Z"}, {"uuid": "fa85779d-dd03-4ca4-814a-f45f3752183b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39166", "type": "seen", "source": "https://t.me/cibsecurity/55022", "content": "\u203c CVE-2022-39166 \u203c\n\nIBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T00:12:39.000000Z"}, {"uuid": "46126c0a-08d6-4ad8-bb50-f44183a7f018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39160", "type": "seen", "source": "https://t.me/cibsecurity/54936", "content": "\u203c CVE-2022-39160 \u203c\n\nIBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T00:10:49.000000Z"}]}