{"vulnerability": "CVE-2022-4509", "sightings": [{"uuid": "db70e9f1-91e6-4784-a4c2-4879502712fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8956", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45099\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T05:03:38.102Z\n\ud83d\udccf Modified: 2025-03-26T20:20:19.280Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "creation_timestamp": "2025-03-26T20:25:42.000000Z"}, {"uuid": "f3e9b61a-ab12-45eb-8840-aa0688feb0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45091", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8504", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45091\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.\n\n\n\ud83d\udccf Published: 2023-02-08T19:27:17.083Z\n\ud83d\udccf Modified: 2025-03-24T19:11:45.416Z\n\ud83d\udd17 References:\n1. 
https://www.usom.gov.tr/bildirim/tr-23-0066", "creation_timestamp": "2025-03-24T19:23:10.000000Z"}, {"uuid": "7a46e0c2-a139-47cb-8ee9-791799f22ca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45098", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45098\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: \nDell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T05:00:45.367Z\n\ud83d\udccf Modified: 2025-03-26T20:20:55.103Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "creation_timestamp": "2025-03-26T20:25:41.000000Z"}, {"uuid": "47ed0035-9cd3-47f2-93f4-3986d58300d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45093", "type": "seen", "source": "https://t.me/cibsecurity/56223", "content": "\u203c CVE-2022-45093 \u203c\n\nA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. 
An attacker might leverage this to trigger remote code execution on the affected component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T14:28:28.000000Z"}, {"uuid": "2538f694-4d84-40af-ab66-80d17d39d3ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45095\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T04:45:08.879Z\n\ud83d\udccf Modified: 2025-03-27T13:24:03.236Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "creation_timestamp": "2025-03-27T13:26:40.000000Z"}, {"uuid": "4706567b-1033-467c-be09-4e50eb3d3dc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45094", "type": "seen", "source": "https://t.me/cibsecurity/56221", "content": "\u203c CVE-2022-45094 \u203c\n\nA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. 
An attacker might leverage this to trigger remote code execution on the affected component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T14:28:25.000000Z"}, {"uuid": "716b9af3-f011-4aa9-bdaf-485200354f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45092", "type": "seen", "source": "https://t.me/cibsecurity/56220", "content": "\u203c CVE-2022-45092 \u203c\n\nA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T14:28:24.000000Z"}, {"uuid": "6537a925-12bb-4b0b-a07c-2db9dcd761ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4509", "type": "seen", "source": "https://t.me/cibsecurity/56835", "content": "\u203c CVE-2022-4509 \u203c\n\nThe Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:01.000000Z"}, {"uuid": "a9e7bbb2-0666-4aeb-ba44-10d80082dd19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45090", "type": "seen", 
"source": "https://t.me/cibsecurity/57960", "content": "\u203c CVE-2022-45090 \u203c\n\nImproper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-12T07:35:02.000000Z"}, {"uuid": "b7121095-5c20-4c81-a04a-b4038bfa254e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45097", "type": "seen", "source": "https://t.me/cibsecurity/57244", "content": "\u203c CVE-2022-45097 \u203c\n\nDell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:13:56.000000Z"}, {"uuid": "b5ca23cc-e058-4303-8184-7cee77db395f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45098", "type": "seen", "source": "https://t.me/cibsecurity/57270", "content": "\u203c CVE-2022-45098 \u203c\n\nDell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. 
An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:14:13.000000Z"}, {"uuid": "260f4c79-e55d-4441-9c65-d07e1d7eaee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45099", "type": "seen", "source": "https://t.me/cibsecurity/57260", "content": "\u203c CVE-2022-45099 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:14:00.000000Z"}, {"uuid": "7b6800cd-8c78-4077-b1db-a4430b769806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45095", "type": "seen", "source": "https://t.me/cibsecurity/57240", "content": "\u203c CVE-2022-45095 \u203c\n\nDell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. 
An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:13:52.000000Z"}, {"uuid": "89c3fa04-5deb-4374-87d8-897034a2e035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45096", "type": "seen", "source": "https://t.me/cibsecurity/57248", "content": "\u203c CVE-2022-45096 \u203c\n\nDell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:14:03.000000Z"}]}