{"vulnerability": "CVE-2022-2256", "sightings": [{"uuid": "ad48a202-3e5b-41bf-9426-37c4acd6d184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22565", "type": "seen", "source": "https://t.me/cibsecurity/40677", "content": "\u203c CVE-2022-22565 \u203c\n\nDell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:21.000000Z"}, {"uuid": "5c999933-7302-4d51-92f7-a037a7fbf24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2256", "type": "seen", "source": "https://t.me/arpsyndicate/3248", "content": "#ExploitObserverAlert\n\nCVE-2022-2256\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-2256. A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.\n\nFIRST-EPSS: 0.000530000\nNVD-IS: 2.5\nNVD-ES: 1.2", "creation_timestamp": "2024-01-28T07:17:40.000000Z"}, {"uuid": "62b0bb34-3a43-43f2-a5a1-ef94c81fb4b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22564", "type": "seen", "source": "https://t.me/cibsecurity/58115", "content": "\u203c CVE-2022-22564 \u203c\n\nDell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:48.000000Z"}, {"uuid": "8f1ce802-f784-4f40-8256-10ee8534d0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2256", "type": "seen", "source": "https://t.me/cibsecurity/49211", "content": "\u203c CVE-2022-2256 \u203c\n\nA Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:39.000000Z"}, {"uuid": "d04d442d-9a3e-484c-a036-6c31462274f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22563", "type": "seen", "source": "https://t.me/cibsecurity/40419", "content": "\u203c CVE-2022-22563 \u203c\n\nDell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-09T00:13:34.000000Z"}, {"uuid": "f0d17761-b070-4a64-9d04-5de6e24279c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22562", "type": "seen", "source": "https://t.me/cibsecurity/40681", "content": "\u203c CVE-2022-22562 \u203c\n\nDell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:26.000000Z"}, {"uuid": "ba63fb01-558d-407a-9475-a930b0504ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22560", "type": "seen", "source": "https://t.me/cibsecurity/40664", "content": "\u203c CVE-2022-22560 \u203c\n\nDell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:04.000000Z"}, {"uuid": "cad27d6f-e66b-414f-ae7d-30ec4bc00b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22561", "type": "seen", "source": "https://t.me/cibsecurity/40679", "content": "\u203c CVE-2022-22561 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:24.000000Z"}, {"uuid": "34ceb1fb-4e59-4c49-a2dd-8b1524f3206c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22567", "type": "seen", "source": "https://t.me/cibsecurity/37114", "content": "\u203c CVE-2022-22567 \u203c\n\nSelect Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T22:13:04.000000Z"}, {"uuid": "541210c4-980c-4690-9a2e-2323868ef8c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22566", "type": "seen", "source": "https://t.me/cibsecurity/37112", "content": "\u203c CVE-2022-22566 \u203c\n\nSelect Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T22:13:02.000000Z"}]}