{"vulnerability": "cve-2022-4457", "sightings": [{"uuid": "ab03b15a-9dab-445e-88f4-3ed756b7f11c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44578", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113645987638383204", "content": "", "creation_timestamp": "2024-12-13T14:29:14.258990Z"}, {"uuid": "29c4ddd4-af7c-4295-8f52-e45d7f5f105c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4457", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4457\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.\n\n\n\ud83d\udccf Published: 2023-01-11T16:32:28.382Z\n\ud83d\udccf Modified: 2025-04-09T13:43:50.264Z\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj", "creation_timestamp": "2025-04-09T13:47:21.000000Z"}, {"uuid": "52d99d34-8c4c-41e7-be8a-d18225189c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12793", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44575\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n\ud83d\udccf Published: 2022-12-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T03:25:24.922Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/pdf/ssa-274282.pdf", "creation_timestamp": "2025-04-22T04:03:17.000000Z"}, {"uuid": "6050b68c-d699-428c-9ea6-429765fafff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44572", "type": "seen", "source": "Telegram/O6OhE1aymL4DX5SvrMok3-oZwM6LoabBSeKUfelXQ_AifIsE", "content": "", "creation_timestamp": "2025-02-14T10:08:10.000000Z"}, {"uuid": "d5d0e86a-6489-49c8-8b4d-367eccf1b9fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44571", "type": "seen", "source": "Telegram/g1e4ge5b1YBoHhcu_y2c5BVoan6dMBrj4qBk_jZUyN-iLHGG", "content": "", "creation_timestamp": "2025-02-14T10:08:10.000000Z"}, {"uuid": "c964935e-7734-4c54-896a-bf63af18c897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44570", "type": "seen", "source": "Telegram/CV1B3rZr5khK25YAobIJ1q14lZYG4ckN0CAy1N-SVmCsv3a7", "content": "", "creation_timestamp": "2025-02-14T10:08:10.000000Z"}, {"uuid": "9ae53bc1-b673-4599-9c2f-f840ef1a47c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44574", "type": "seen", "source": "https://t.me/cibsecurity/59833", "content": "\u203c CVE-2022-44574 \u203c\n\nAn improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-11T00:21:27.000000Z"}, {"uuid": "8091f389-4763-4091-9af4-3a1128384293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4457", "type": "seen", "source": "https://t.me/cibsecurity/56358", "content": "\u203c CVE-2022-4457 \u203c\n\nDue to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-11T20:57:13.000000Z"}, {"uuid": "c69a44b2-ef8f-416f-8518-b6a365ed666d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44576", "type": "seen", "source": "https://t.me/cibsecurity/52493", "content": "\u203c CVE-2022-44576 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin &lt;= 1.0.4 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T01:20:00.000000Z"}, {"uuid": "cc079e9a-0219-41c6-b457-77172f90c575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44570", "type": "seen", "source": "https://t.me/critical_bug/1342", "content": "[\u2620\ufe0f\ud83d\udd25\ud83d\udd27] [CVE-2022-44570] \u0412\u043e\u0437\u043c\u043e\u0436\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Denial of Service \u0432 \u0440\u0430\u0437\u0431\u043e\u0440\u0435 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 Range \u043d\u0430 Rack\n\n\ud83d\udcb0 \u0411\u0430\u0443\u043d\u0442\u0438: $480\n\u26a0\ufe0f \u041a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u044c: \u041d\u0438\u0437\u043a\u0430\u044f\n\n\ud83d\udee0\ufe0f \u0425\u0430\u043a\u0435\u0440 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c DoS \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u0440\u0430\u0437\u0431\u043e\u0440\u0430 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 Range \u043d\u0430 Rack. \u0425\u0438\u0442\u0440\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u0437\u0430\u043d\u0438\u043c\u0430\u0442\u044c \u043d\u0435\u043e\u0436\u0438\u0434\u0430\u043d\u043d\u043e \u043c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443, \u0447\u0442\u043e \u043c\u043e\u0433\u043b\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u0441 \u0437\u0430\u043f\u0440\u043e\u0441\u0430\u043c\u0438 Range. \u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u0440\u0435\u043b\u0438\u0437\u0430\u0445 2.0.9.2, 2.1.4.2, 2.2.6.1 \u0438 3.0.4.1.\n\n\u041f\u043e\u0434\u043f\u0438\u0448\u0438\u0442\u0435\u0441\u044c \u043d\u0430 \u043d\u0430\u0448 \u043a\u0430\u043d\u0430\u043b, \u0433\u0434\u0435 \u043c\u044b \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u043c \u0440\u0435\u043f\u043e\u0440\u0442\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0422\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u043c \u043e\u0444\u043e\u0440\u043c\u0438\u0442\u044c \u043f\u043e\u0434\u043f\u0438\u0441\u043a\u0443 \u043d\u0430 \u043a\u0430\u043d\u0430\u043b \u0420\u0435\u043f\u043e\u0440\u0442\u044b \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u044f\u0437\u044b\u043a\u043e\u043c VIP, \u0433\u0434\u0435 \u0440\u0435\u043f\u043e\u0440\u0442\u044b \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e.", "creation_timestamp": "2024-07-17T19:32:19.000000Z"}]}