{"vulnerability": "CVE-2022-4167", "sightings": [{"uuid": "54e73553-277b-43f0-be9f-d7eacc3c5ceb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lvkqlwckcc2c", "content": "", "creation_timestamp": "2025-08-04T08:10:28.456684Z"}, {"uuid": "920f199d-95f2-4e09-8e31-bf39b682eeef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-04", "content": "", "creation_timestamp": "2025-09-18T10:00:00.000000Z"}, {"uuid": "ce1f56e0-085b-49a3-9635-1d4163141d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-41678.yaml", "content": "", "creation_timestamp": "2026-03-31T15:35:48.000000Z"}, {"uuid": "9443fa11-039e-45b6-a62e-9fac1ca6a8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnmgxcq2d", "content": "", "creation_timestamp": "2026-04-01T21:02:36.591824Z"}, {"uuid": "44402745-0cb7-43f2-a69f-6019be5853a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/GithubRedTeam/81019", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a ActiveMQ-EXPtools\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Catherines77\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-20 03:28:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u652f\u6301\u68c0\u6d4b\u548c\u5229\u7528ActiveMQ\u6f0f\u6d1e\uff0cCVE-2015-5254\uff0cCVE-2016-3088\uff0cCVE-2022-41678\uff0cCVE-2023-46604\uff0cCVE-2024-32114\uff0cCVE-2026-34197\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-20T04:00:04.000000Z"}, {"uuid": "83f1495c-05d0-4e3a-921e-c21925c2cd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "published-proof-of-concept", "source": "Telegram/e-NDV7JUXFjV7ZYm9J_MRokEu-SU9MarRYVSx0rnLWFHt3U", "content": "", "creation_timestamp": "2025-10-14T21:00:05.000000Z"}, {"uuid": "4591bb66-0cc8-4af3-9900-4bf2bf53e4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4167", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10938", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4167\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T16:28:42.595Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/367740\n2. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json", "creation_timestamp": "2025-04-08T16:46:24.000000Z"}, {"uuid": "cf1373e1-9746-46d5-a339-efd4ac4672a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41671", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14372", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41671\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A CWE-89: Improper Neutralization of Special Elements used in SQL Command (\u2018SQL Injection\u2019) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).\n\ud83d\udccf Published: 2022-11-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T19:03:13.270Z\n\ud83d\udd17 References:\n1. https://www.se.com/ww/en/download/document/SEVD-2022-284-01/", "creation_timestamp": "2025-05-01T19:14:52.000000Z"}, {"uuid": "2aead904-1cae-405b-af07-3da4f878f49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41676", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41676\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.\n\ud83d\udccf Published: 2022-11-29T03:30:29.550Z\n\ud83d\udccf Modified: 2025-04-24T18:47:54.040Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6743-0a2c4-1.html", "creation_timestamp": "2025-04-24T19:06:40.000000Z"}, {"uuid": "b7ee78c4-b63c-4594-abea-5608ee9145db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41679", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14580", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41679\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the \u201cback_url\u201d parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user\u00b4s cookies in order to log in to the application.\n\ud83d\udccf Published: 2022-10-31T19:59:49.293Z\n\ud83d\udccf Modified: 2025-05-02T19:57:29.942Z\n\ud83d\udd17 References:\n1. https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms", "creation_timestamp": "2025-05-02T20:16:26.000000Z"}, {"uuid": "70e3c11b-7c5b-4c70-a7ce-fef47f7af965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41674", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16509", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41674\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T14:26:34.892Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1203770\n2. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c\n3. http://www.openwall.com/lists/oss-security/2022/10/13/2\n4. https://www.openwall.com/lists/oss-security/2022/10/13/5\n5. https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\n7. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\n8. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\n9. https://www.debian.org/security/2022/dsa-5257\n10. https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\n11. http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html", "creation_timestamp": "2025-05-15T14:35:10.000000Z"}, {"uuid": "b95ba256-a075-4e6a-ae2d-9d9548352444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/55456", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1awebshell\n\u63cf\u8ff0\uff1aCVE-2022-41678 \u662f Apache ActiveMQ \u4e2d\u7684\u4e00\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7 JMX (Java Management Extensions) \u63a5\u53e3\u4fee\u6539 Log4j \u914d\u7f6e\u6216 JFR (Java Flight Recorder) \u914d\u7f6e\uff0c\u4ece\u800c\u5199\u5165\u6076\u610f\u7684 JSP webshell \u5230\u670d\u52a1\u5668\u7684 web \u76ee\u5f55\u4e2d\uff0c\u6700\u7ec8\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\nURL\uff1ahttps://github.com/URJACK2025/CVE-2022-41678\n\n\u6807\u7b7e\uff1a#webshell", "creation_timestamp": "2025-10-14T14:25:33.000000Z"}, {"uuid": "08c72833-b82c-458c-bbb0-8f1ce946ea79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/ctinow/155663", "content": "https://ift.tt/SQjn9fk\nCVE-2022-41678 | Apache ActiveMQ up to 5.16.5/5.17.3 deserialization", "creation_timestamp": "2023-12-17T20:17:53.000000Z"}, {"uuid": "76ea1afc-e9b7-47cd-b3b5-36a31cb4b797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/ctinow/152559", "content": "https://ift.tt/7ejXGkt\nApache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678) Notification", "creation_timestamp": "2023-11-30T12:31:42.000000Z"}, {"uuid": "3b726e12-62b6-4c1d-bef7-d5c0ba6a1965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/arpsyndicate/3243", "content": "#ExploitObserverAlert\n\nCVE-2022-41678\n\nDESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia  org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest.  Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through refection.  And then, RCE is able to be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.  1 Call newRecording.  2 Call setConfiguration. And a webshell data hides in it.  3 Call startRecording.  4 Call copyTo method. The webshell will be written to a .jsp file.  The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n\nFIRST-EPSS: 0.001030000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T07:04:53.000000Z"}, {"uuid": "c053fb30-7b71-47e3-90e1-71f6aedb7b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/arpsyndicate/1484", "content": "#ExploitObserverAlert\n\nCVE-2022-41678\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia  org.jolokia.http.HttpRequestHandler", "creation_timestamp": "2023-12-06T12:50:53.000000Z"}, {"uuid": "da96429d-e125-4c9c-b6e4-6754ed6d18ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/arpsyndicate/1179", "content": "#ExploitObserverAlert\n\nCVE-2022-41678\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia  org.jolokia.http.HttpRequestHandler", "creation_timestamp": "2023-12-04T10:25:34.000000Z"}, {"uuid": "d0349db6-3553-44de-8802-e72034d68fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/arpsyndicate/1549", "content": "#ExploitObserverAlert\n\nCVE-2022-41678\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia  org.jolokia.http.HttpRequestHandler", "creation_timestamp": "2023-12-08T11:40:19.000000Z"}, {"uuid": "a8ad0147-d0f7-448e-9b3b-659d809cd3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/arpsyndicate/1642", "content": "#ExploitObserverAlert\n\nCVE-2022-41678\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.\u00a0  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia  org.jolokia.http.HttpRequestHandler", "creation_timestamp": "2023-12-10T15:02:59.000000Z"}, {"uuid": "b81858be-10c8-4004-8da5-4c26577ff811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41678", "type": "seen", "source": "https://t.me/ctinow/186445", "content": "https://ift.tt/kylmIni\nCVE-2022-41678 Apache ActiveMQ Vulnerability in NetApp Products", "creation_timestamp": "2024-02-16T15:31:52.000000Z"}, {"uuid": "d82c9127-e113-4d01-b54d-9c2a20c4a42d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41677", "type": "seen", "source": "https://t.me/ctinow/167157", "content": "https://ift.tt/7RWIeUO\nCVE-2022-41677 | Bosch Camera access control", "creation_timestamp": "2024-01-12T09:36:59.000000Z"}, {"uuid": "2c473978-5714-4090-a116-07347c38736f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4167", "type": "seen", "source": "https://t.me/cibsecurity/56405", "content": "\u203c CVE-2022-4167 \u203c\n\nIncorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:29:55.000000Z"}, {"uuid": "bbf345b9-a070-47dd-868d-5f268ad0181b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41675", "type": "seen", "source": "https://t.me/cibsecurity/53633", "content": "\u203c CVE-2022-41675 \u203c\n\nA remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T07:28:52.000000Z"}, {"uuid": "ca36a602-6003-4c66-ac86-f2c40b627243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41676", "type": "seen", "source": "https://t.me/cibsecurity/53635", "content": "\u203c CVE-2022-41676 \u203c\n\nRaiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T07:28:53.000000Z"}, {"uuid": "5cfce516-7cca-4075-8362-9295068863a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41671", "type": "seen", "source": "https://t.me/cibsecurity/52565", "content": "\u203c CVE-2022-41671 \u203c\n\nA CWE-89: Improper Neutralization of Special Elements used in SQL Command (\u00e2\u20ac\u02dcSQL Injection\u00e2\u20ac\u2122) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T17:46:05.000000Z"}, {"uuid": "13682e8c-1f18-4260-bff7-195bd6ba46cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41674", "type": "seen", "source": "https://t.me/cibsecurity/51389", "content": "\u203c CVE-2022-41674 \u203c\n\nAn issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T07:28:20.000000Z"}, {"uuid": "08e3c8f9-006e-4f07-848d-6c3d55a52eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41679", "type": "seen", "source": "https://t.me/cibsecurity/52324", "content": "\u203c CVE-2022-41679 \u203c\n\nForma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the \u00e2\u20ac\u0153back_url\u00e2\u20ac\ufffd parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user\u00c2\u00b4s cookies in order to log in to the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:13:31.000000Z"}, {"uuid": "41225c4d-d886-4a08-8520-4ad840398ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41670", "type": "seen", "source": "https://t.me/cibsecurity/52564", "content": "\u203c CVE-2022-41670 \u203c\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T17:43:01.000000Z"}]}