{"vulnerability": "cve-2024-2228", "sightings": [{"uuid": "ec97e6a5-b8c9-478c-a222-b5f3dd1a56e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/cKure/13263", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 VMware has fixed the critical SQL injection vulnerability CVE-2024-22280 (CVSS 8.5) in Aria Automation.\n\nVMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.\n\nIt provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.\n\nAn authenticated attacker could exploit the vulnerability by injecting specially crafted SQL queries and performing unauthorized read/write operations on the database.\n\nDiscovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria Automation version 8.x and Cloud Foundation versions 5.x and 4.x.\n\nVMware states that there are no workarounds for this issue and patches are recommended to resolve CVE-2024-22280.", "creation_timestamp": "2024-07-11T22:32:12.000000Z"}, {"uuid": "14cd5489-0e88-4b39-bb26-96e672641c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22288", "type": "seen", "source": "Telegram/HEhKjSl69yKRu98BJinBK0mntebsZF9pW3UM20401mzbPKU9", "content": "", "creation_timestamp": "2025-02-14T10:00:30.000000Z"}, {"uuid": "d9569fbf-ff6d-4987-9885-da1c58e91392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22284", "type": "seen", "source": "https://t.me/arpsyndicate/3295", "content": 
"#ExploitObserverAlert\n\nCVE-2024-22284\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22284. Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.", "creation_timestamp": "2024-01-28T13:37:59.000000Z"}, {"uuid": "caa1f995-f0e9-4ed5-9fde-3760b8fcfc3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22286", "type": "seen", "source": "https://t.me/ctinow/191040", "content": "https://ift.tt/6dwY9Z3\nCVE-2024-22286 | Aluka BA Plus Plugin up to 1.0.3 on WordPress cross site scripting", "creation_timestamp": "2024-02-22T19:18:15.000000Z"}, {"uuid": "5e2cfdfd-438a-4fb0-ae92-7108dcebbfe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22285", "type": "seen", "source": "https://t.me/ctinow/190786", "content": "https://ift.tt/YjO2wmX\nCVE-2024-22285 | Elise Bosse Frontpage Manager Plugin up to 1.3 on WordPress cross-site request forgery", "creation_timestamp": "2024-02-22T15:12:38.000000Z"}, {"uuid": "c60c577c-62ab-4c79-adc6-abf3cddde59e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22287", "type": "seen", "source": "https://t.me/ctinow/190756", "content": "https://ift.tt/hFBpkR3\nCVE-2024-22287 | Lud\u011bk Melichar Better Anchor Links Plugin up to 1.7.5 on WordPress cross-site request forgery", "creation_timestamp": "2024-02-22T14:42:11.000000Z"}, {"uuid": "4997871f-ae6d-4918-9e94-822f5b05e213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22287", "type": "seen", "source": "https://t.me/ctinow/176717", "content": 
"https://ift.tt/I41cEW6\nCVE-2024-22287", "creation_timestamp": "2024-01-31T13:32:23.000000Z"}, {"uuid": "d14aeede-1f4a-4dc5-b846-f2ffeebb20a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22286", "type": "seen", "source": "https://t.me/ctinow/177023", "content": "https://ift.tt/8vlI9FQ\nCVE-2024-22286", "creation_timestamp": "2024-01-31T19:31:49.000000Z"}, {"uuid": "3f212cde-5c21-4dd5-98c8-a714a67ac339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22282", "type": "seen", "source": "https://t.me/ctinow/177022", "content": "https://ift.tt/kFWDUVm\nCVE-2024-22282", "creation_timestamp": "2024-01-31T19:31:48.000000Z"}, {"uuid": "efce2fb5-d25c-49d4-9f9e-d71804ab5f1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22289", "type": "seen", "source": "https://t.me/ctinow/177024", "content": "https://ift.tt/7x9AGnF\nCVE-2024-22289", "creation_timestamp": "2024-01-31T19:31:50.000000Z"}, {"uuid": "8fc4ecb4-9be7-44fd-8b56-8daa8cc71a28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22285", "type": "seen", "source": "https://t.me/ctinow/176773", "content": "https://ift.tt/wrIOSMC\nCVE-2024-22285", "creation_timestamp": "2024-01-31T14:31:36.000000Z"}, {"uuid": "547e5ae9-f943-4d1d-b194-46904179cc98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22283", "type": "seen", "source": "https://t.me/ctinow/174576", "content": "https://ift.tt/45exfX3\nCVE-2024-22283", "creation_timestamp": "2024-01-27T01:21:43.000000Z"}, {"uuid": "48bea705-8866-4a84-bc4b-90629ebf3716", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22284", "type": "seen", "source": "https://t.me/ctinow/172740", "content": "https://ift.tt/Zif0ke1\nCVE-2024-22284", "creation_timestamp": "2024-01-24T13:26:10.000000Z"}, {"uuid": "59baab62-7c8f-4008-8aaa-4bd02b24c1f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22281", "type": "seen", "source": "https://t.me/cvedetector/3694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22281 - Apache Helix Front (UI) hardcoded secret session spoofing vulnerability.\", \n  \"Content\": \"CVE ID : CVE-2024-22281 \nPublished : Aug. 20, 2024, 11:15 p.m. | 36\u00a0minutes ago \nDescription : ** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies.  \n  \nThis issue affects Apache Helix Front (UI): all versions.  \n  \nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.  \n  \nNOTE: This vulnerability only affects products that are no longer supported by the maintainer. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T02:20:04.000000Z"}, {"uuid": "2c79553b-efa4-4cff-ad4c-fc8c44658891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/true_secator/5961", "content": "VMware has fixed a critical SQL injection vulnerability, CVE-2024-22280 (CVSS 8.5), in Aria Automation.\n\nVMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.\n\nIt provides a unified 
platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure and VMware Cloud Foundation.\n\nAn authenticated attacker can exploit the vulnerability by entering specially crafted SQL queries and performing unauthorized read/write operations in the database.\n\nDiscovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria 
Automation version 8.x and Cloud Foundation versions 5.x and 4.x.\n\nVMware states that there are no workarounds for this issue; applying the patches is recommended to resolve CVE-2024-22280.", "creation_timestamp": "2024-07-11T20:47:28.000000Z"}, {"uuid": "e3c882e1-d57f-48b5-92a9-0349c15737c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22283", "type": "seen", "source": "https://t.me/ctinow/188086", "content": "https://ift.tt/XrRczQB\nCVE-2024-22283 | Delhivery Logistics Courier Plugin up to 1.0.107 on WordPress sql injection", "creation_timestamp": "2024-02-20T03:41:38.000000Z"}, {"uuid": "0c216e05-08f8-4a91-8e32-4835f1db0131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/thehackernews/5237", "content": "\u26a0\ufe0f GitLab has patched a critical vulnerability (CVE-2024-6385) with a CVSS score of 9.6, allowing attackers to run pipeline jobs as any user. \n \nAlso, Citrix updates for CVE-2024-6235, & Broadcom addresses flaws in VMware Cloud Director (CVE-2024-22277) & Aria Automation (CVE-2024-22280). 
\n \nLearn more: https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html \n \nDon't wait \u2013 secure your development environment now.", "creation_timestamp": "2024-07-11T05:53:00.000000Z"}, {"uuid": "b098c36f-ad68-4955-b4bf-b756abf1b7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/cvedetector/632", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22280 - VMware Aria Automation does not apply correct inpu\", \n  \"Content\": \"CVE ID : CVE-2024-22280 \nPublished : July 11, 2024, 5:15 a.m. | 34\u00a0minutes ago \nDescription : VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product.\u00a0An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T07:51:48.000000Z"}, {"uuid": "c58613de-dc7d-40c9-bfb2-178388364fb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22284", "type": "seen", "source": "https://t.me/ctinow/187056", "content": "https://ift.tt/xqnU1ZT\nCVE-2024-22284 | Thomas Belser Asgaros Forum Plugin up to 2.7.2 on WordPress deserialization", "creation_timestamp": "2024-02-17T21:51:48.000000Z"}]}