{"vulnerability": "cve-2022-4200", "sightings": [{"uuid": "42f4e79e-e69c-4845-83f6-fe8c4cf0b983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181247", "content": "https://ift.tt/bpht1Y8\nCVE-2022-42003 | Oracle Enterprise Manager for Virtualization 13.5.0.0 Plug-In Lifecycle denial of service", "creation_timestamp": "2024-02-08T09:41:27.000000Z"}, {"uuid": "97b15873-dc17-4c14-9d5f-581bff03b86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181236", "content": "https://ift.tt/JlvQpkm\nCVE-2022-42003 | Oracle Enterprise Manager Base Platform 13.5.0.0 Extensibility Framework denial of service", "creation_timestamp": "2024-02-08T09:11:56.000000Z"}, {"uuid": "485148dd-f841-4c5e-893c-7c548b186a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181235", "content": "https://ift.tt/i8ykU9P\nCVE-2022-42003 | Oracle Enterprise Manager Base Platform 13.5.0.0 Agent Next Gen denial of service", "creation_timestamp": "2024-02-08T09:11:55.000000Z"}, {"uuid": "d9bce499-1ff9-409d-8e16-7a1750ba88de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181419", "content": "https://ift.tt/3eY7hCm\nCVE-2022-42003 | Oracle Banking Virtual Account Management up to 14.7.0 Common Core denial of service", "creation_timestamp": "2024-02-08T15:11:38.000000Z"}, {"uuid": "4586a5da-3704-4059-8ef0-8f43dc376546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181379", "content": "https://ift.tt/7VAhH5S\nCVE-2022-42003 | Oracle Banking Extensibility Workbench up to 14.7.0 Infrastructure denial of service", "creation_timestamp": "2024-02-08T14:11:20.000000Z"}, {"uuid": "144c6377-a09f-4e34-9f42-87d6a219c0c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42009", "type": "seen", "source": "https://t.me/cibsecurity/66528", "content": "\u203c CVE-2022-42009 \u203c\n\nSpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T14:45:34.000000Z"}, {"uuid": "077d86c8-f31e-4aeb-9d10-50ee2c296683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42002", "type": "seen", "source": "https://t.me/cibsecurity/50817", "content": "\u203c CVE-2022-42002 \u203c\n\nSonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-03T15:23:57.000000Z"}, {"uuid": "59d84269-af95-4f79-b28d-5dc3c8047a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42004", "type": "seen", "source": "https://gist.github.com/alon710/a2845f95976b11461c794bc513361156", "content": "", "creation_timestamp": "2026-01-24T22:43:48.000000Z"}, {"uuid": "811b58d2-74ca-4f0a-80b0-eb3eaf943122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42001", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42001\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.\n\ud83d\udccf Published: 2022-11-15T14:24:50.942Z\n\ud83d\udccf Modified: 2025-04-29T15:51:06.904Z\n\ud83d\udd17 References:\n1. https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-05", "creation_timestamp": "2025-04-29T16:12:59.000000Z"}, {"uuid": "c67ef022-96be-4c30-9a83-ee71ac360ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181338", "content": "https://ift.tt/x5JocW9\nCVE-2022-42003 | Oracle Banking Corporate Lending Process Management up to 14.7.0 Base denial of service", "creation_timestamp": "2024-02-08T12:36:47.000000Z"}, {"uuid": "d62a5e3f-c129-4c3e-ba3b-0a95bac8e465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42003", "type": "seen", "source": "https://t.me/ctinow/181451", "content": "https://ift.tt/fdGhpUY\nCVE-2022-42003 | Oracle FLEXCUBE Investor Servicing up to 14.7.0 Infrastructure Code denial of service", "creation_timestamp": "2024-02-08T16:07:08.000000Z"}, {"uuid": "1f462d18-ee2c-4b3c-b72c-b6fca153cb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4200", "type": "seen", "source": "https://t.me/cibsecurity/55778", "content": "\u203c CVE-2022-4200 \u203c\n\nThe Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:29:53.000000Z"}]}