{"vulnerability": "cve-2022-2279", "sightings": [{"uuid": "4e905f8c-a79a-4074-be05-f250589def8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22797", "type": "seen", "source": "https://t.me/cibsecurity/42566", "content": "\u203c CVE-2022-22797 \u203c\n\nSysaid \u00e2\u20ac\u201c sysaid Open Redirect - An Attacker can change the redirect link at the parameter \"redirectURL\" from\"GET\" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:28.000000Z"}, {"uuid": "4229a6e9-2049-4d3b-9def-5869f8330854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22796", "type": "seen", "source": "https://t.me/cibsecurity/42564", "content": "\u203c CVE-2022-22796 \u203c\n\nSysaid \u00e2\u20ac\u201c Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:27.000000Z"}, {"uuid": "ab4f2b69-4eb0-4b40-813b-21c594bf00ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22795", "type": "seen", "source": "https://t.me/cibsecurity/38729", "content": "\u203c CVE-2022-22795 \u203c\n\nSigniant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:26:22.000000Z"}, {"uuid": "b330c13a-d57c-4342-b4bf-9abb605217df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22793", "type": "seen", "source": "https://t.me/cibsecurity/38033", "content": "\u203c CVE-2022-22793 \u203c\n\nCybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCDODED PATH and by doing that, the attacker can read Local Files inside the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T20:14:44.000000Z"}, {"uuid": "0b57f391-eb70-4dfe-a234-edacd74e4ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22794", "type": "seen", "source": "https://t.me/cibsecurity/38035", "content": "\u203c CVE-2022-22794 \u203c\n\nCybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T20:14:46.000000Z"}, {"uuid": "54aa9128-70ac-4616-995f-674436d14d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2279", "type": "seen", "source": "https://t.me/cibsecurity/45464", "content": "\u203c CVE-2022-2279 \u203c\n\nNULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-01T12:39:29.000000Z"}, {"uuid": "cdcc18d0-a92d-4147-b534-a09d59a296b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22798", "type": "seen", "source": "https://t.me/cibsecurity/42555", "content": "\u203c CVE-2022-22798 \u203c\n\nSysaid \u00e2\u20ac\u201c Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:16.000000Z"}]}