{"vulnerability": "cve-2022-2193", "sightings": [{"uuid": "b608e8b3-69ea-404c-b0c8-045dac1dde79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21939", "type": "seen", "source": "https://t.me/cibsecurity/57901", "content": "\u203c CVE-2022-21939 \u203c\n\nSensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T16:57:43.000000Z"}, {"uuid": "e820f1a3-ef7b-4428-84cd-6f6d38eac678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21934", "type": "seen", "source": "https://t.me/cibsecurity/42120", "content": "\u203c CVE-2022-21934 \u203c\n\nUnder certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T20:22:57.000000Z"}, {"uuid": "3f8bf241-9347-404d-9fe4-168c865d1769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21936", "type": "seen", "source": "https://t.me/cibsecurity/51020", "content": "\u203c CVE-2022-21936 \u203c\n\nOn Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:57.000000Z"}, {"uuid": "db22585a-555f-4e0d-be0c-482dc8b364a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2193", "type": "seen", "source": "https://t.me/cibsecurity/46552", "content": "\u203c CVE-2022-2193 \u203c\n\nInsecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T18:40:56.000000Z"}, {"uuid": "565d1866-5a95-424d-b22d-c0575e0ce2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21930", "type": "seen", "source": "https://t.me/cibsecurity/35301", "content": "\u203c CVE-2022-21929 \u203c\n\nMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:21:26.000000Z"}, {"uuid": "954fa12a-63b5-4f95-8892-defebbde9cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21931", "type": "seen", "source": "https://t.me/cibsecurity/35301", "content": "\u203c CVE-2022-21929 \u203c\n\nMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:21:26.000000Z"}, {"uuid": "f74392ce-a8e6-49db-a739-c8cc4debb31c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21933", "type": "seen", "source": "https://t.me/cibsecurity/36009", "content": "\u203c CVE-2022-21933 \u203c\n\nASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T12:12:51.000000Z"}]}