{"vulnerability": "cve-2022-2230", "sightings": [{"uuid": "78fad147-ab25-4b49-bdc8-6a5b373bdd63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22304", "type": "seen", "source": "https://t.me/cibsecurity/46473", "content": "\u203c CVE-2022-22304 \u203c\n\nAn improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:46.000000Z"}, {"uuid": "801eec57-f420-446b-9702-6e8605b52ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2230", "type": "seen", "source": "https://t.me/cibsecurity/45485", "content": "\u203c CVE-2022-2230 \u203c\n\nA Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-01T20:42:46.000000Z"}, {"uuid": "4adad9af-64a4-4abb-8134-31881469fe9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22309", "type": "seen", "source": "https://t.me/cibsecurity/43276", "content": "\u203c CVE-2022-22309 \u203c\n\nThe POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T20:36:58.000000Z"}, {"uuid": "baf0e2a0-e670-4274-ab01-7d23a7b04ccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22306", "type": "seen", "source": "https://t.me/cibsecurity/43260", "content": "\u203c CVE-2022-22306 \u203c\n\nAn improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T18:37:07.000000Z"}, {"uuid": "1535a6b1-f684-4de7-bfdc-9339a6dee8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22301", "type": "seen", "source": "https://t.me/cibsecurity/38288", "content": "\u203c CVE-2022-22301 \u203c\n\nAn improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C\u00c2\u00a0console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running\u00c2\u00a0CLI commands with specifically crafted arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T12:24:56.000000Z"}, {"uuid": "e420b27e-022c-45fa-a86a-6195493ea780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22303", "type": "seen", "source": "https://t.me/cibsecurity/38287", "content": "\u203c CVE-2022-22303 \u203c\n\nAn exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T19:16:03.000000Z"}, {"uuid": "163d54a0-fd6e-47d3-8a9f-12b22a86e647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22300", "type": "seen", "source": "https://t.me/cibsecurity/38280", "content": "\u203c CVE-2022-22300 \u203c\n\nA improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T22:23:40.000000Z"}, {"uuid": "15b4b4e5-32ef-4413-9619-3a01c352ac76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22308", "type": "seen", "source": "https://t.me/cibsecurity/37877", "content": "\u203c CVE-2022-22308 \u203c\n\nIBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-21T20:11:46.000000Z"}, {"uuid": "8a893d32-f593-4677-917a-48dbd6a188d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22305", "type": "seen", "source": "https://t.me/cibsecurity/69640", "content": "\u203c CVE-2022-22305 \u203c\n\nAn improper certificate validation vulnerability [CWE-295] in\u00c2\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\u00c2\u00a0man-in-the-middle the communication between the listed products and some external peers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T16:14:59.000000Z"}, {"uuid": "2546ea55-fb76-4f4f-ae18-750ceeb29b6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22307", "type": "seen", "source": "https://t.me/cibsecurity/65251", "content": "\u203c CVE-2022-22307 \u203c\n\nIBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-15T07:21:16.000000Z"}, {"uuid": "186735c0-30c3-46ec-9371-b8b52436a31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22302", "type": "seen", "source": "https://t.me/cibsecurity/66327", "content": "\u203c CVE-2022-22302 \u203c\n\nA clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T12:42:42.000000Z"}]}