{"vulnerability": "CVE-2024-2223", "sightings": [{"uuid": "4c82dcca-0562-4300-8fc7-69dd1a196312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6661", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a env of CVE-2024-22243&amp;CVE-2024-22234\nURL\uff1ahttps://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-02-23T10:13:50.000000Z"}, {"uuid": "0ca6319d-73ff-4435-9a53-9666d7d71e3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22233\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC\n  *  Spring Security 6.1.6+ or 6.2.1+ is on the classpath\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.\n\ud83d\udccf Published: 2024-01-22T15:30:23Z\n\ud83d\udccf Modified: 2025-02-13T19:33:11Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-22233\n2. https://security.netapp.com/advisory/ntap-20240614-0005\n3. https://spring.io/security/cve-2024-22233", "creation_timestamp": "2025-02-13T20:13:10.000000Z"}, {"uuid": "d3b88efa-a34a-47b2-b5bd-d106f9a8e393", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22235", "type": "seen", "source": "Telegram/zrvacZcryUZoZQ5LgUhbPwGnbu1ZPJMJ8nn1SWMYvliqSnz2", "content": "", "creation_timestamp": "2025-02-14T10:05:08.000000Z"}, {"uuid": "efe10584-beb1-4567-8450-b526ddd79d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22235", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4106", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22235\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-02-21T05:15:08.880\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.vmware.com/security/advisories/VMSA-2024-0004.html\n2. https://www.vmware.com/security/advisories/VMSA-2024-0004.html", "creation_timestamp": "2025-02-12T17:07:54.000000Z"}, {"uuid": "643a3a24-69b8-4978-b4ae-a7e88a1b4398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/arpsyndicate/3191", "content": "#ExploitObserverAlert\n\nCVE-2024-22233\n\nDESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-22233. In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.  Specifically, an application is vulnerable when all of the following are true:    *  the application uses Spring MVC   *  Spring Security 6.1.6+ or 6.2.1+ is on the classpath   Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-01-28T03:50:07.000000Z"}, {"uuid": "9e6ecfcf-acd8-4630-8ea6-0505e30c416d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2223", "type": "seen", "source": "https://t.me/arpsyndicate/4499", "content": "#ExploitObserverAlert\n\nCVE-2024-2223\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-2223. An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u00a0  Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for\u00a0 Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-11T10:02:49.000000Z"}, {"uuid": "5a8495ab-d7f0-4be0-8827-07f31d4bfcbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "seen", "source": "https://t.me/arpsyndicate/3733", "content": "#ExploitObserverAlert\n\nCVE-2024-22234\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22234. In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.  Specifically, an application is vulnerable if:    *  The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.   An application is not vulnerable if any of the following is true:    *  The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.   *  The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated   *  The application only uses isFullyAuthenticated\u00a0via  Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or  HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-21T07:35:04.000000Z"}, {"uuid": "32d26fde-5e54-43e7-9452-802a2829e722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22235", "type": "seen", "source": "https://t.me/arpsyndicate/3894", "content": "#ExploitObserverAlert\n\nCVE-2024-22235\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22235. VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with administrative access to the local system can escalate privileges to 'root'.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-22T03:39:57.000000Z"}, {"uuid": "a195c22a-43db-4c91-8f68-63294f8dc9e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/arpsyndicate/3055", "content": "#ExploitObserverAlert\n\nCVE-2024-22233\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-22233. In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.  Specifically, an application is vulnerable when all of the following are true:    *  the application uses Spring MVC   *  Spring Security 6.1.6+ or 6.2.1+ is on the classpath   Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-01-26T20:14:50.000000Z"}, {"uuid": "1b58bb05-9693-43da-a02a-fe0da790e125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22239", "type": "seen", "source": "https://t.me/true_secator/5391", "content": "\u0412\u0441\u043b\u0435\u0434 \u0437\u0430 Cisco \u0438 Fortinet, \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u00ab\u0442\u0440\u043e\u0439\u043a\u0443\u00bb \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 VMware, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e\u00a0\u043f\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445\u00a0\u0432 Aria Operations for Networks (\u0440\u0430\u043d\u0435\u0435 vRealize Network Insight). \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445:\n\n- CVE-2024-22237 (CVSS: 7,8): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 root-\u0434\u043e\u0441\u0442\u0443\u043f.\n\n- CVE-2024-22238 (CVSS: 6,4): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n- CVE-2024-22239 (CVSS: 5,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435.\n\n- CVE-2024-22240 (CVSS: 4,9): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n- CVE-2024-22241 (CVSS: 4,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c VMware Aria Operations for Networks \u0432\u0435\u0440\u0441\u0438\u0438 6.x \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.12.0.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0432\u0441\u0435\u043c\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u043f\u044b\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 Cisco, Fortinet \u0438 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u043c \u0438 \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u0448\u0430\u0433\u043e\u043c \u0434\u043b\u044f \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.", "creation_timestamp": "2024-02-08T11:40:05.000000Z"}, {"uuid": "d691794d-d7bb-43c5-8fc5-1857d45f1658", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22238", "type": "seen", "source": "https://t.me/true_secator/5391", "content": "\u0412\u0441\u043b\u0435\u0434 \u0437\u0430 Cisco \u0438 Fortinet, \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u00ab\u0442\u0440\u043e\u0439\u043a\u0443\u00bb \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 VMware, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e\u00a0\u043f\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445\u00a0\u0432 Aria Operations for Networks (\u0440\u0430\u043d\u0435\u0435 vRealize Network Insight). \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445:\n\n- CVE-2024-22237 (CVSS: 7,8): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 root-\u0434\u043e\u0441\u0442\u0443\u043f.\n\n- CVE-2024-22238 (CVSS: 6,4): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n- CVE-2024-22239 (CVSS: 5,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435.\n\n- CVE-2024-22240 (CVSS: 4,9): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n- CVE-2024-22241 (CVSS: 4,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c VMware Aria Operations for Networks \u0432\u0435\u0440\u0441\u0438\u0438 6.x \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.12.0.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0432\u0441\u0435\u043c\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u043f\u044b\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 Cisco, Fortinet \u0438 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u043c \u0438 \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u0448\u0430\u0433\u043e\u043c \u0434\u043b\u044f \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.", "creation_timestamp": "2024-02-08T11:40:05.000000Z"}, {"uuid": "9a758785-7bb5-4a61-ab23-6ebdaddc9c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22237", "type": "seen", "source": "https://t.me/true_secator/5391", "content": "\u0412\u0441\u043b\u0435\u0434 \u0437\u0430 Cisco \u0438 Fortinet, \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u00ab\u0442\u0440\u043e\u0439\u043a\u0443\u00bb \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 VMware, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e\u00a0\u043f\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u0445\u00a0\u0432 Aria Operations for Networks (\u0440\u0430\u043d\u0435\u0435 vRealize Network Insight). \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445:\n\n- CVE-2024-22237 (CVSS: 7,8): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 root-\u0434\u043e\u0441\u0442\u0443\u043f.\n\n- CVE-2024-22238 (CVSS: 6,4): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n- CVE-2024-22239 (CVSS: 5,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435.\n\n- CVE-2024-22240 (CVSS: 4,9): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n- CVE-2024-22241 (CVSS: 4,3): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c VMware Aria Operations for Networks \u0432\u0435\u0440\u0441\u0438\u0438 6.x \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.12.0.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0432\u0441\u0435\u043c\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u043f\u044b\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 Cisco, Fortinet \u0438 VMware, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u043c \u0438 \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u0448\u0430\u0433\u043e\u043c \u0434\u043b\u044f \u043a\u0443\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.", "creation_timestamp": "2024-02-08T11:40:05.000000Z"}, {"uuid": "3082d1d5-1322-4c06-b690-6fe40d2f871b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22230", "type": "seen", "source": "https://t.me/ctinow/198807", "content": "https://ift.tt/A3Mq9lK\nCVE-2024-22230 | Dell Unity up to 5.3 cross site scripting (dsa-2024-042)", "creation_timestamp": "2024-03-03T16:21:54.000000Z"}, {"uuid": "270de619-b053-4df1-8810-69a81185316f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "seen", "source": "https://t.me/ctinow/188213", "content": "https://ift.tt/MXekWIG\nCVE-2024-22234", "creation_timestamp": "2024-02-20T08:22:02.000000Z"}, {"uuid": "9bbb41d7-a9b6-4e0c-868d-927bc9fc6d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "seen", "source": "https://t.me/ctinow/208640", "content": "https://ift.tt/oICwzRG\nCVE-2024-22234 Spring Security Vulnerability in NetApp Products", "creation_timestamp": "2024-03-15T11:26:47.000000Z"}, {"uuid": "89ad626b-2219-4f37-8158-6de44aace532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "seen", "source": "https://t.me/ctinow/188210", "content": "https://ift.tt/MXekWIG\nCVE-2024-22234", "creation_timestamp": "2024-02-20T08:22:00.000000Z"}, {"uuid": "cc4c33da-687e-473c-b1ba-b8d487270ef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22235", "type": "seen", "source": "https://t.me/ctinow/189246", "content": "https://ift.tt/1rYf3CZ\nCVE-2024-22235", "creation_timestamp": "2024-02-21T06:21:34.000000Z"}, {"uuid": "518e3eb6-f2b4-468b-94df-6b1099b71ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22235", "type": "seen", "source": "https://t.me/ctinow/189250", "content": "https://ift.tt/1rYf3CZ\nCVE-2024-22235", "creation_timestamp": "2024-02-21T06:26:46.000000Z"}, {"uuid": "6df1a82f-ecbe-47c3-97c1-5537230ced0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22234", "type": "seen", "source": "https://t.me/ctinow/188908", "content": "https://ift.tt/eLdX7qz\nCVE-2024-22234", "creation_timestamp": "2024-02-20T20:57:30.000000Z"}, {"uuid": "1388d1ce-12c9-446f-860b-c148664a1d50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/ctinow/186199", "content": "https://ift.tt/3zVDk28\nCVE-2024-22233 | VMware Spring Framework 6.0.15/6.1.2 HTTP Request denial of service", "creation_timestamp": "2024-02-16T09:11:52.000000Z"}, {"uuid": "f3f54380-cc6b-48a2-8727-8aab86df6010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22236", "type": "seen", "source": "https://t.me/ctinow/190723", "content": "https://ift.tt/6sDYS5a\nCVE-2024-22236 | Spring Cloud Contract up to 3.1.9/4.0.4/4.1.0 Guava temp file", "creation_timestamp": "2024-02-22T13:42:22.000000Z"}, {"uuid": "60c41ab4-9b06-42da-9112-4fecbc9578ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22230", "type": "seen", "source": "https://t.me/ctinow/183385", "content": "https://ift.tt/6DU1XFv\nCVE-2024-22230", "creation_timestamp": "2024-02-12T20:27:05.000000Z"}, {"uuid": "32479fe9-09e5-4e4f-878b-981621e05e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22239", "type": "seen", "source": "https://t.me/ctinow/180335", "content": "https://ift.tt/5OtFInK\nCVE-2024-22239", "creation_timestamp": "2024-02-06T21:26:41.000000Z"}, {"uuid": "1ae0c1d5-4b76-4a4d-84b3-f92d6a877d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22238", "type": "seen", "source": "https://t.me/ctinow/180334", "content": "https://ift.tt/vPJ7Ef2\nCVE-2024-22238", "creation_timestamp": "2024-02-06T21:26:40.000000Z"}, {"uuid": "bad98b33-073d-4cd6-9ced-de7a069a5ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22236", "type": "seen", "source": "https://t.me/ctinow/176541", "content": "https://ift.tt/MtYVrhg\nCVE-2024-22236", "creation_timestamp": "2024-01-31T08:22:10.000000Z"}, {"uuid": "a541f72e-37bd-4061-8087-3e6b00cced4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/ctinow/171471", "content": "https://ift.tt/V1ivojg\nCVE-2024-22233", "creation_timestamp": "2024-01-22T22:16:35.000000Z"}, {"uuid": "81a27e77-e901-450a-adfa-85ec552e283e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22233", "type": "seen", "source": "https://t.me/ctinow/171173", "content": "https://ift.tt/VMTzYd6\nCVE-2024-22233", "creation_timestamp": "2024-01-22T14:21:53.000000Z"}, {"uuid": "33acbc0e-4ee3-439b-a6c0-e8621e523fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22237", "type": "seen", "source": "https://t.me/ctinow/197582", "content": "https://ift.tt/vVbWM9k\nCVE-2024-22237 | VMware Aria Operations for Networks prior 6.12 privileges management (VMSA-2024-0002)", "creation_timestamp": "2024-03-01T13:11:37.000000Z"}, {"uuid": "bebbd1a8-efd3-422e-9d35-2adccf90e0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22238", "type": "seen", "source": "https://t.me/ctinow/197583", "content": "https://ift.tt/pWGD8hw\nCVE-2024-22238 | VMware Aria Operations for Networks prior 6.12 cross site scripting (VMSA-2024-0002)", "creation_timestamp": "2024-03-01T13:11:38.000000Z"}, {"uuid": "8f4a78c2-99fa-428e-979e-874c0e442614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22239", "type": "seen", "source": "https://t.me/ctinow/197610", "content": "https://ift.tt/RpKEsPx\nCVE-2024-22239 | VMware Aria Operations for Networks prior 6.12 Console privileges management (VMSA-2024-0002)", "creation_timestamp": "2024-03-01T13:41:32.000000Z"}]}