{"vulnerability": "CVE-2022-4077", "sightings": [{"uuid": "7cba5372-935f-4dbf-bbaa-2839ad0454b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40770", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13734", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40770\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:38:56.406Z\n\ud83d\udd17 References:\n1. https://manageengine.com\n2. https://www.manageengine.com/products/service-desk/CVE-2022-40770.html", "creation_timestamp": "2025-04-28T20:11:22.000000Z"}, {"uuid": "e478dc12-6e70-4b3b-9d4c-e95ce566f217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40772", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40772\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:34:22.092Z\n\ud83d\udd17 References:\n1. https://manageengine.com\n2. https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", "creation_timestamp": "2025-04-28T20:11:27.000000Z"}, {"uuid": "55640108-5f63-4d65-a052-fa413f25eca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40771", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13735", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40771\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T19:37:36.773Z\n\ud83d\udd17 References:\n1. https://manageengine.com\n2. https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", "creation_timestamp": "2025-04-28T20:11:23.000000Z"}, {"uuid": "14db08f8-b005-47ab-971e-4162e7f90456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40771", "type": "seen", "source": "https://t.me/cibsecurity/53450", "content": "\u203c CVE-2022-40771 \u203c\n\nZoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:14:09.000000Z"}, {"uuid": "8731e10a-737b-49da-8f74-27e158dc40d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40772", "type": "seen", "source": "https://t.me/cibsecurity/53443", "content": "\u203c CVE-2022-40772 \u203c\n\nZoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:13:56.000000Z"}, {"uuid": "fb241936-62d1-47a5-9051-2ef7a8c975b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40770", "type": "seen", "source": "https://t.me/cibsecurity/53397", "content": "\u203c CVE-2022-40770 \u203c\n\nZoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T07:13:48.000000Z"}, {"uuid": "c9555349-b8a4-4595-aebe-75d8ad26b64f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4077", "type": "seen", "source": "https://t.me/cibsecurity/53221", "content": "\u203c CVE-2022-4077 \u203c\n\nA vulnerability was found in Yellow Tree Geolocation IP Detection Plugin. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214044.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T16:36:24.000000Z"}, {"uuid": "a833b62c-ca1a-466f-be93-28935ca4e823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40778", "type": "seen", "source": "https://t.me/cibsecurity/50025", "content": "\u203c CVE-2022-40778 \u203c\n\nA stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T12:37:27.000000Z"}, {"uuid": "db90ea16-594a-4b38-aab7-5ea08ce7af8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40774", "type": "seen", "source": "https://t.me/cibsecurity/50024", "content": "\u203c CVE-2022-40774 \u203c\n\nAn issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T05:23:58.000000Z"}, {"uuid": "0ca9ac95-b51d-4cc4-bf27-8ee9334bc8a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40775", "type": "seen", "source": "https://t.me/cibsecurity/50023", "content": "\u203c CVE-2022-40775 \u203c\n\nAn issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-18T22:36:26.000000Z"}]}