{"vulnerability": "cve-2022-4385", "sightings": [{"uuid": "4c011024-b020-46d4-8a11-f67fdc3d81b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4385", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4385\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order\n\ud83d\udccf Published: 2023-02-21T08:50:40.508Z\n\ud83d\udccf Modified: 2025-03-12T16:14:17.795Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/8f900d37-6eee-4434-8b9b-d10cc4a9167c", "creation_timestamp": "2025-03-12T16:41:15.000000Z"}, {"uuid": "8b6634e5-9cda-43f1-9252-395a3f4ddccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43850", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmsmvujydv2z", "content": "", "creation_timestamp": "2025-04-14T22:38:59.373854Z"}, {"uuid": "56b76f7f-5d1f-4070-8c25-200fe6d1e523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43851", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmsmvuqvzf2h", "content": "", "creation_timestamp": "2025-04-14T22:39:00.608007Z"}, {"uuid": "17832727-eacc-4366-bab3-96aa3e992ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43852", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmsmvuycy62i", "content": "", "creation_timestamp": "2025-04-14T22:39:01.849240Z"}, {"uuid": "0caf9c51-7777-4e38-a790-a35bb89c817b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43852", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11702", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43852\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: IBM Aspera Console 3.4.0 through 3.4.4\u00a0could disclose sensitive information in HTTP headers that could be used in further attacks against the system.\n\ud83d\udccf Published: 2025-04-14T20:33:58.704Z\n\ud83d\udccf Modified: 2025-04-14T20:35:52.831Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7169766", "creation_timestamp": "2025-04-14T20:54:38.000000Z"}, {"uuid": "e9314caf-bd3a-48af-b314-5c30e8064ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43851", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11700", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43851\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: IBM Aspera Console 3.4.0 through 3.4.4\n\nuses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.\n\ud83d\udccf Published: 2025-04-14T20:39:56.933Z\n\ud83d\udccf Modified: 2025-04-14T20:40:25.922Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7169766", "creation_timestamp": "2025-04-14T20:54:33.000000Z"}, {"uuid": "32cc737b-9af8-4fc9-b9b6-4ef082d4d4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43850", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11697", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43850\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Aspera Console 3.4.0 through 3.4.4\n\nis vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\ud83d\udccf Published: 2025-04-14T20:44:59.726Z\n\ud83d\udccf Modified: 2025-04-14T20:44:59.726Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7169766", "creation_timestamp": "2025-04-14T20:54:30.000000Z"}, {"uuid": "ca9e0019-18bd-4400-bfdb-8c6bc2a5b744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43850", "type": "seen", "source": "https://t.me/cvedetector/22896", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-43850 - IBM Aspera Console Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-43850 \nPublished : April 14, 2025, 9:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : IBM Aspera Console 3.4.0 through 3.4.4  \n  \nis vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T01:32:53.000000Z"}, {"uuid": "b97deb74-19b6-4d3b-bd9e-b5756c90443d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43855", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43855\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service.\n\ud83d\udccf Published: 2024-03-08T17:52:57.326Z\n\ud83d\udccf Modified: 2025-06-10T20:08:23.966Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7130881", "creation_timestamp": "2025-06-10T20:31:52.000000Z"}, {"uuid": "600ec583-97eb-465e-a805-eb977f7672e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4385", "type": "seen", "source": "https://t.me/cibsecurity/58588", "content": "\u203c CVE-2022-4385 \u203c\n\nThe Intuitive Custom Post Order WordPress plugin through 3.1.3 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T12:21:49.000000Z"}, {"uuid": "41cd4b81-e6fc-4caa-9c10-753f730ea160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43852", "type": "seen", "source": "https://t.me/cvedetector/22892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-43852 - IBM Aspera Console Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2022-43852 \nPublished : April 14, 2025, 9:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : IBM Aspera Console 3.4.0 through 3.4.4\u00a0could disclose sensitive information in HTTP headers that could be used in further attacks against the system. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T01:32:47.000000Z"}, {"uuid": "a2338d27-59c5-4a4f-916d-6997dfefb563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43851", "type": "seen", "source": "https://t.me/cvedetector/22891", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-43851 - IBM Aspera Console Cryptographic Weakness\", \n  \"Content\": \"CVE ID : CVE-2022-43851 \nPublished : April 14, 2025, 9:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : IBM Aspera Console 3.4.0 through 3.4.4  \n  \nuses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T01:32:46.000000Z"}, {"uuid": "fe14dc50-c21e-4169-8e8d-af76cc8d4968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43855", "type": "seen", "source": "https://t.me/ctinow/203538", "content": "https://ift.tt/tM1w96a\nCVE-2022-43855", "creation_timestamp": "2024-03-08T19:26:37.000000Z"}, {"uuid": "b473bedb-779b-4bbe-9edd-c22bac7a0ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43855", "type": "seen", "source": "https://t.me/ctinow/203535", "content": "https://ift.tt/tM1w96a\nCVE-2022-43855", "creation_timestamp": "2024-03-08T19:26:33.000000Z"}, {"uuid": "37062da4-3d38-40a3-a83f-754876e83a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43857", "type": "seen", "source": "https://t.me/cibsecurity/55206", "content": "\u203c CVE-2022-43857 \u203c\n\nIBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T00:14:14.000000Z"}, {"uuid": "dd28af05-bdc9-4b35-942c-491e1c468333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43859", "type": "seen", "source": "https://t.me/cibsecurity/55196", "content": "\u203c CVE-2022-43859 \u203c\n\nIBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T00:13:59.000000Z"}, {"uuid": "f33357ed-f241-4a8f-84ed-8f4a039e58d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43858", "type": "seen", "source": "https://t.me/cibsecurity/55195", "content": "\u203c CVE-2022-43858 \u203c\n\nIBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T00:13:58.000000Z"}]}