{"vulnerability": "CVE-2022-4677", "sightings": [{"uuid": "72a80259-767d-49cd-a396-e5c8819ee31b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46770", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:49.000000Z"}, {"uuid": "9d14e3d7-8dcb-456a-8e6e-919309437e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46770", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "d767eadf-16ec-4305-b74d-7b946efa76e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4677", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4677\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.\n\ud83d\udccf Published: 2023-02-06T19:59:40.495Z\n\ud83d\udccf Modified: 2025-03-25T20:12:16.710Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/9c293098-de54-4a04-b13d-2a702200f02e", "creation_timestamp": "2025-03-25T20:24:22.000000Z"}, {"uuid": "eb7244cb-ea66-4c16-8829-de2c63835b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46773", "type": "seen", "source": "https://t.me/cibsecurity/60094", "content": "\u203c CVE-2022-46773 \u203c\n\nIBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:15.000000Z"}, {"uuid": "bc389aa1-5013-4e31-a17b-ebc8c7ae0d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46774", "type": "seen", "source": "https://t.me/cibsecurity/60078", "content": "\u203c CVE-2022-46774 \u203c\n\nIBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T21:30:03.000000Z"}, {"uuid": "551f4e17-4e9d-4b51-9281-a4b9ceadf061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46770", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/mirageos/qubes_mirage_firewall_dos.rb", "content": "", "creation_timestamp": "2023-01-17T23:17:21.000000Z"}, {"uuid": "76b82e1e-cfe2-4ee4-8f69-bb747196a729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46773", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5521", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46773\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result.  IBM X-Force ID:  242951.\n\ud83d\udccf Published: 2023-03-15T19:57:22.981Z\n\ud83d\udccf Modified: 2025-02-26T16:11:32.849Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6962155\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/242951", "creation_timestamp": "2025-02-26T16:24:13.000000Z"}, {"uuid": "e7ba56e6-e26c-4839-86ad-b76d2964374a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46771", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12058", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46771\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: \nIBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.\n\n\n\ud83d\udccf Published: 2022-12-20T19:40:41.039Z\n\ud83d\udccf Modified: 2025-04-16T14:49:50.868Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6848897\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/242273", "creation_timestamp": "2025-04-16T14:56:27.000000Z"}, {"uuid": "f920f000-acc6-4842-9b2a-e9dcaa020b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46770", "type": "seen", "source": "https://t.me/cibsecurity/54139", "content": "\u203c CVE-2022-46770 \u203c\n\nqubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-07T22:11:53.000000Z"}, {"uuid": "0e46acfc-10bb-4274-af18-c0b15f5efba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46771", "type": "seen", "source": "https://t.me/cibsecurity/54994", "content": "\u203c CVE-2022-46771 \u203c\n\nIBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:36.000000Z"}]}