{"vulnerability": "CVE-2024-4982", "sightings": [{"uuid": "9503d504-55be-4d32-b302-985e3c504fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49820", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113669408261272276", "content": "", "creation_timestamp": "2024-12-17T17:45:24.879023Z"}, {"uuid": "4445b55d-7c92-4acb-b5fa-78d55ea6ebf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49824", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113850029423865331", "content": "", "creation_timestamp": "2025-01-18T15:19:44.332461Z"}, {"uuid": "f79f7af1-5fb8-4aae-a352-774fc2d044e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49824", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfzpfz7cwn2p", "content": "", "creation_timestamp": "2025-01-18T16:16:03.156525Z"}, {"uuid": "b929393b-fe45-4c0a-9f42-b1c2996c0b55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49824", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfzuesejqm2w", "content": "", "creation_timestamp": "2025-01-18T17:44:53.184301Z"}, {"uuid": "eaf34d01-4e61-44dc-b79f-c4cca18fc2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49822", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobidb2lj2j", "content": "", "creation_timestamp": "2025-03-18T18:13:33.590650Z"}, {"uuid": "a8370358-f4ba-4618-910c-14ff71b0577d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49825", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmryimzo222u", "content": "", "creation_timestamp": "2025-04-14T16:33:41.656355Z"}, {"uuid": "631560ef-8633-4542-9686-e006ae86953b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49822", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "2992923b-3541-4441-be09-d97651590de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49822", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "7045ac27-6a93-4c37-a7eb-f0aab3dd9a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49824", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49824\n\ud83d\udd39 Description: IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.\n\ud83d\udccf Published: 2025-01-18T15:11:58.522Z\n\ud83d\udccf Modified: 2025-01-18T15:11:58.522Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7177587", "creation_timestamp": "2025-01-18T15:58:01.000000Z"}, {"uuid": "280bc5e0-0ebc-4166-b8b4-81a21c433d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49823", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7079", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49823\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.\n\ud83d\udccf Published: 2025-03-11T00:48:05.380Z\n\ud83d\udccf Modified: 2025-03-11T00:48:33.353Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7185282", "creation_timestamp": "2025-03-11T01:41:15.000000Z"}, {"uuid": "a2d13bba-edd4-4062-a0e9-0d79871a6030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49829", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49829\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Memory corruption can occur during context user dumps due to inadequate checks on buffer length.\n\ud83d\udccf Published: 2025-05-06T08:32:14.738Z\n\ud83d\udccf Modified: 2025-05-06T13:14:46.682Z\n\ud83d\udd17 References:\n1. https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html", "creation_timestamp": "2025-05-06T13:20:47.000000Z"}, {"uuid": "58fe8188-5f94-4804-9bdf-31097ddd6859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4982", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16022", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-4982\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.\n\ud83d\udccf Published: 2025-05-12T19:01:45.824Z\n\ud83d\udccf Modified: 2025-05-12T19:16:28.730Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-4982\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2279411\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2280726\n4. https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0", "creation_timestamp": "2025-05-12T19:29:10.000000Z"}, {"uuid": "77160fda-f4a8-4cbc-8624-0d0ce3d5ed74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4982", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5127", "content": "PoC'\u0438 \u043a\u0440\u0430\u0441\u0438\u0432\u044b\u0435\n\n- \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-4981 \u0438 CVE-2024-47515 \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0430\u0440\u0445\u0438\u0432\u043e\u0432. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\n\n- \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-4982 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 view_issue_raw_file() \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0431\u0430\u0437\u043e\u0432\u043e\u0433\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0447\u0435\u0440\u0435\u0437 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 \"/..\" \u0432 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0437\u0430\u043f\u0440\u043e\u0448\u0435\u043d\u043d\u043e\u0433\u043e Issue. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043d\u0430\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u043e\u0434 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f web-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\n\n- \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-47516 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 PagureRepo.log(), \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0441\u0432\u043e\u0438\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043f\u0440\u0438 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u0447\u0435\u0440\u0435\u0437 web-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \"git\" \u0441 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u0432\u0435\u0442\u043a\u0438 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \"/usr/bin/git --pretty=oneline --abbrev-commit  -- README.md\"). \u041a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043c\u043e\u0436\u043d\u043e \u0432\u043c\u0435\u0441\u0442\u043e \u043d\u0435\u0433\u043e \u043f\u0435\u0440\u0435\u0434\u0430\u0442\u044c \u043b\u044e\u0431\u0443\u044e \u043e\u043f\u0446\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \"--output=/tmp/foo.bar\" \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0432\u043e\u0434\u0430 \u0432 \u0444\u0430\u0439\u043b. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0444\u0430\u0439\u043b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0447\u0435\u0440\u0435\u0437 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0432\u0438\u0434\u0430:\n\n   http://pagure.local:5000/test/history/README.md?identifier=--output=/tmp/foo.bar\n\n- \u0412 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 OBS (Open Build Service), \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u043e\u0439 \u0432 openSUSE \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2024-22033), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 27 \u0438\u044e\u043d\u044f 2024 \u0433\u043e\u0434\u0430, \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0443 openSUSE 29 \u0438\u044e\u043d\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 10 \u0438\u044e\u043b\u044f.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Pagure \u0438 OBS, \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u0432\u0448\u0438\u0435 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 Fedora \u0438 openSUSE\nhttps://www.opennet.ru/opennews/art.shtml?num=62928\n\n\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\nhttps://fenrisk.com/supply-chain-attacks\n\n\u0414\u043e\u043a\u043b\u0430\u0434 \u0431\u044b\u043b \u0441\u0434\u0435\u043b\u0430\u043d \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 insomni'hack 2025 (https://insomnihack.ch/), \u0441\u043b\u0430\u0439\u0434\u044b \u0441\u043a\u0438\u043d\u0443 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u044b", "creation_timestamp": "2025-03-22T21:04:30.000000Z"}, {"uuid": "27da770f-e6a6-4748-bebe-614f080fab6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4982", "type": "seen", "source": "https://t.me/cvedetector/25112", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4982 - Pagure Git Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-4982 \nPublished : May 12, 2025, 7:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T22:48:37.000000Z"}, {"uuid": "bfdb3398-7f51-4824-8a6e-22ff8298e80a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49825", "type": "seen", "source": "https://t.me/cvedetector/22877", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49825 - IBM Robotic Process Automation Session Impersonation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49825 \nPublished : April 14, 2025, 3:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:38.000000Z"}, {"uuid": "5f0723a6-33f2-4726-8a84-c8c0c6514909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49824", "type": "seen", "source": "https://t.me/cvedetector/15807", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49824 - IBM Robotic Process Automation Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49824 \nPublished : Jan. 18, 2025, 4:15 p.m. | 37\u00a0minutes ago \nDescription : IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and   \n  \nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18  \n  \ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T17:54:04.000000Z"}, {"uuid": "f46e1f98-3f7d-410a-b705-0202eda3dd61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49820", "type": "seen", "source": "https://t.me/cvedetector/13119", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49820 - IBM Security Guardium Key Lifecycle Manager Insecure HSTS Disablement\", \n  \"Content\": \"CVE ID : CVE-2024-49820 \nPublished : Dec. 17, 2024, 6:15 p.m. | 43\u00a0minutes ago \nDescription : IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1\u00a0could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T20:07:41.000000Z"}, {"uuid": "2622d823-cfa7-478f-a91e-a9ac98c5cb2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49823", "type": "seen", "source": "Telegram/SxSx8U--99185zCwggK_3tweLBYZnm8XDZAJUgwUx4w2mMsU", "content": "", "creation_timestamp": "2025-03-11T04:41:14.000000Z"}]}