{"vulnerability": "CVE-2022-3119", "sightings": [{"uuid": "a398ac5b-5d7c-42ee-87e9-b6329e583aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-07-11T18:10:02.000000Z"}, {"uuid": "6031809d-4f36-4538-8e7a-e89adf94b1c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "MISP/a07cce34-4146-472f-92d1-e5334d2158c6", "content": "", "creation_timestamp": "2022-12-19T13:27:18.000000Z"}, {"uuid": "598c69e4-204c-43cb-80b6-9a412582006e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971851", "content": "", "creation_timestamp": "2024-12-24T20:34:49.945256Z"}, {"uuid": "c2ce6a64-009d-4288-9f3d-3642330678f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31192", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcbp436i2b", "content": "", "creation_timestamp": "2025-08-18T21:02:46.709269Z"}, {"uuid": "a1f1a1fd-4ef6-4125-adfd-34fb8c55d38b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:44.000000Z"}, {"uuid": "2fff3d7d-cd1a-4e6b-90c0-d481b2b0f0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31194", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto33sdm25", "content": "", "creation_timestamp": "2025-08-21T21:02:35.857222Z"}, {"uuid": "6489abee-5639-4e4a-89df-2b3c796d1de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31195", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lx3ulqm7a72y", "content": "", "creation_timestamp": "2025-08-23T21:02:24.327080Z"}, {"uuid": "8fdbdd3c-bbbc-42e7-8111-2305a20dfa2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31197", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m7nxg7rcxc2t", "content": "", "creation_timestamp": "2025-12-10T21:02:30.026963Z"}, {"uuid": "474be46e-ac4c-4e3b-9383-386d88a6723a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:57.000000Z"}, {"uuid": "d807150e-645b-46b8-9570-a820a545663c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "https://t.me/arpsyndicate/1272", "content": "#ExploitObserverAlert\n\nCVE-2022-31199\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-31199. Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.\n\nFIRST-EPSS: 0.466160000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T18:22:19.000000Z"}, {"uuid": "49639e66-054d-4cb4-9146-999dcd78df72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "MISP/a07cce34-4146-472f-92d1-e5334d2158c6", "content": "", "creation_timestamp": "2026-02-06T22:36:39.000000Z"}, {"uuid": "566b0a58-a8e1-4b47-a825-1ee1ecd3a5ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-31199", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bf5b22fe-70a4-4a8c-8e42-2e6c2e766ffb", "content": "", "creation_timestamp": "2026-02-02T12:26:55.456650Z"}, {"uuid": "6c2c5090-b237-4eed-b263-20f7914924d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "exploited", "source": "https://t.me/itsec_news/1908", "content": "\u200b\u26a1\ufe0f \u0421\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 Evil Corp \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u043d\u0430\u0448\u043b\u0430 \u043d\u043e\u0432\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0436\u0435\u0440\u0442\u0432.\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Cisco Talos \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u0438 \u0447\u0438\u0441\u043b\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e TrueBot, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0432 \u041c\u0435\u043a\u0441\u0438\u043a\u0435, \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u0438, \u041f\u0430\u043a\u0438\u0441\u0442\u0430\u043d\u0435 \u0438 \u0421\u0428\u0410.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e RCE - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Netwrix Auditor, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 Raspberry Robin \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 TrueBot. \u041a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043a\u0440\u0430\u0436\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Clop.\n\nTrueBot \u2014 \u044d\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0434\u043b\u044f Windows, \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c\u044b\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 Silence (\u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Group-IB), \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0438\u043c\u0435\u0435\u0442 \u043e\u0431\u0449\u0438\u0435 \u0441\u0432\u044f\u0437\u0438 \u0441 Evil Corp. \u041f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043e \u0441\u0432\u044f\u0437\u0438 \u0433\u0440\u0443\u043f\u043f \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0442\u043e\u043c, \u0447\u0442\u043e Evil Corp \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0447\u0435\u0440\u0432\u044f Raspberry Robin \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0434\u0440\u043e\u043f\u043f\u0435\u0440\u043e\u0432 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Cisco Talos, APT-\u0433\u0440\u0443\u043f\u043f\u0430 Silence \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u0438\u044e \u0430\u0442\u0430\u043a \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u044b \u0430\u0432\u0433\u0443\u0441\u0442\u0430 \u043f\u043e \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c 2022 \u0433\u043e\u0434\u0430, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Netwrix Auditor ( CVE-2022-31199 , \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9,8) \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 TrueBot.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f TrueBot \u2014 \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u0445\u043e\u0441\u0442\u0430 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0442\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Cobalt Strike, \u0442\u0440\u043e\u044f\u043d FlawedGrace \u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u0443 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Teleport. \u0414\u0430\u043b\u0435\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0438 \u0441\u0431\u043e\u0440 \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Clop.\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Teleport \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u0435\u043d \u0441\u0432\u043e\u0435\u0439 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u0442\u044c \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0440\u0430\u0437\u043c\u0435\u0440 \u0444\u0430\u0439\u043b\u043e\u0432, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430\u043c\u0438 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Teleport \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u0435\u0440\u0435\u0442\u044c \u0441\u0432\u043e\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0441 \u043c\u0430\u0448\u0438\u043d\u044b.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 Teleport \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u041f\u041e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437 OneDrive \u0438 \u0417\u0430\u0433\u0440\u0443\u0437\u043e\u043a, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0438\u0437 Outlook.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c Cisco Talos, \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0430 Raspberry Robin \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0431\u043e\u0442\u043d\u0435\u0442\u0430 \u0438\u0437 \u0431\u043e\u043b\u0435\u0435 1000 \u0441\u0438\u0441\u0442\u0435\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442\u0441\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0432 \u041c\u0435\u043a\u0441\u0438\u043a\u0435, \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u0438 \u0438 \u041f\u0430\u043a\u0438\u0441\u0442\u0430\u043d\u0435. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c TrueBot \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u043b\u0430 \u0432 \u0431\u043e\u0442\u043d\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 500 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Windows, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u0421\u0428\u0410, \u041a\u0430\u043d\u0430\u0434\u0435 \u0438 \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u0438.\n\n#EvilCorp #\u0425\u0430\u043a\u0435\u0440\u044b\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-12-12T10:33:31.000000Z"}, {"uuid": "66a4cd61-631f-4b7c-b27c-74db6c139992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "exploited", "source": "https://t.me/itsec_news/2879", "content": "\u200b\u26a1\ufe0f\u041a\u043e\u0434 \u043a\u0440\u0430\u0441\u043d\u044b\u0439 \u0434\u043b\u044f \u0432\u0441\u0435\u0433\u043e \u043c\u0438\u0440\u0430: \u0443\u0433\u0440\u043e\u0437\u0430 \u043e\u0442 \u0431\u043e\u0442\u043d\u0435\u0442\u0430 TrueBot \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f.\n\n\ud83d\udcac 6 \u0438\u044e\u043b\u044f 2023 \u0433\u043e\u0434\u0430 \u0432\u043b\u0430\u0441\u0442\u0438 \u0421\u0428\u0410 \u0438 \u041a\u0430\u043d\u0430\u0434\u044b \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043e \u0432\u043e\u0437\u0440\u043e\u0441\u0448\u0435\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Truebot, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u043d\u043e\u0432\u044b\u043c\u0438 \u0442\u0430\u043a\u0442\u0438\u043a\u0430\u043c\u0438, \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0430\u043c\u0438 (TTPs).\n\n\u0412 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0449\u0438\u0442\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b (CISA), \u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u044e\u0440\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 (\u0424\u0411\u0420), \u0426\u0435\u043d\u0442\u0440\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (MS-ISAC) \u0438 \u041a\u0430\u043d\u0430\u0434\u0441\u043a\u043e\u0433\u043e \u0446\u0435\u043d\u0442\u0440\u0430 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (CCCS) \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u043e\u0432\u044b\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e Truebot \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0421\u0428\u0410 \u0438 \u041a\u0430\u043d\u0430\u0434\u0435. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0441 31 \u043c\u0430\u044f \u0441\u0442\u0430\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u0442\u044c \u0432\u0441\u043f\u043b\u0435\u0441\u043a \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e \u043c\u043e\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 TrueBot.\n\n\u0418\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e Truebot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u044b\u043c\u0438 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438 Clop \u0438 Silence \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0436\u0435\u0440\u0442\u0432. \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 Truebot \u0432 2017 \u0433\u043e\u0434\u0443 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 Silence, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0435\u0436\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u0434\u0430\u043d\u043d\u043e\u0435 \u041f\u041e \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u044c\u043c\u0430\u0445, \u043e\u0434\u043d\u0430\u043a\u043e, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432, \u0442\u0435\u043f\u0435\u0440\u044c \u043e\u043d\u0438 \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u043d\u043e\u0432\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c ( CVE-2022-31199 CVSS: 9.8 ) \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 Netwrix Auditor. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0430\u0442\u044c\u0441\u044f \u043f\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438.\n\n\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Netwrix Auditor \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 13 000 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c\u0438 \u0432 100 \u0441\u0442\u0440\u0430\u043d\u0430\u0445 \u043c\u0438\u0440\u0430 \u0434\u043b\u044f \u0430\u0443\u0434\u0438\u0442\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0418\u0422-\u0441\u0438\u0441\u0442\u0435\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u044f\u043c. \u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 \u0434\u0435\u043a\u0430\u0431\u0440\u044c 2022 \u0433\u043e\u0434\u0430 \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 500 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c TrueBot \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432 \u0421\u0428\u0410 \u0438 \u041a\u0430\u043d\u0430\u0434\u0435.\n\n\u0414\u0430\u043b\u0435\u0435 \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 Truebot \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442 \u0441\u0435\u0431\u044f \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0435\u0442 FlawedGrace \u043d\u0430 \u0445\u043e\u0441\u0442. \u0417\u0430\u0442\u0435\u043c RAT-\u0442\u0440\u043e\u044f\u043d \u0438\u0437\u043c\u0435\u043d\u044f\u0435\u0442 \u0440\u0435\u0435\u0441\u0442\u0440 \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u043f\u0435\u0447\u0430\u0442\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0435\u043c\u0443 \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u0441\u0442\u0432\u043e. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043b\u0438 \u043e \u0441\u0432\u044f\u0437\u0438 Truebot \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c , \u0430 \u0438\u043c\u0435\u043d\u043d\u043e \u0441 Raspberry Robin \u0438 Cobalt Strike.\n\n\u041c\u0430\u0439\u0441\u043a\u0438\u0439 \u0432\u0441\u043f\u043b\u0435\u0441\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 TrueBot \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0435\u0449\u0451 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 VMware , \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u043e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f TrueBot \u2014 \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u0445\u043e\u0441\u0442\u0430 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0442\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Cobalt Strike, \u0442\u0440\u043e\u044f\u043d FlawedGrace \u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u0443 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Teleport. \u0414\u0430\u043b\u0435\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0438 \u0441\u0431\u043e\u0440 \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f Clop. \u0410\u043d\u0430\u043b\u0438\u0437 \u0443\u0442\u0438\u043b\u0438\u0442\u044b Teleport \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u041f\u041e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437 OneDrive \u0438 \u0417\u0430\u0433\u0440\u0443\u0437\u043e\u043a, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0438\u0437 Outlook.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0438\u043b\u0438 \u0448\u0430\u0433\u0438 \u0434\u043b\u044f \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u0440\u043e\u0441\u0448\u0435\u0439 \u0443\u0433\u0440\u043e\u0437\u044b \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b Truebot, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u041f\u041e \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Netwrix Auditor.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-07-08T11:46:12.000000Z"}, {"uuid": "0d1c325e-052c-4874-9637-366003c925e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3119", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17185", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3119\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address\n\ud83d\udccf Published: 2022-09-26T12:35:44.000Z\n\ud83d\udccf Modified: 2025-05-21T19:16:49.270Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5", "creation_timestamp": "2025-05-21T19:42:57.000000Z"}, {"uuid": "6615c970-81c9-4e53-9844-e3eccfc81435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "Telegram/wwVcY3zDkRM9q7TwdmLGSA5ALojCHeWE6CZ_8VMATP0Z7g", "content": "", "creation_timestamp": "2023-07-07T11:51:07.000000Z"}, {"uuid": "00da46b2-c3b7-4cbd-adde-a7318b050872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31199", "type": "seen", "source": "https://t.me/KomunitiSiber/455", "content": "Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks\nhttps://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html\n\nCybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems.\nThese sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents.\nThis", "creation_timestamp": "2023-07-07T11:36:40.000000Z"}, {"uuid": "fe0c18bf-371c-43de-8f98-a33ed7e12ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3119", "type": "seen", "source": "https://t.me/cibsecurity/50469", "content": "\u203c CVE-2022-3119 \u203c\n\nThe OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T16:21:49.000000Z"}, {"uuid": "0bd7fbb4-b4da-4f48-9970-d3cf37d58a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31190", "type": "seen", "source": "https://t.me/cibsecurity/47371", "content": "\u203c CVE-2022-31190 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI \"mets.xml\" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:11.000000Z"}, {"uuid": "ea7143e8-7e0d-4588-ac13-2a7c832c8c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31197", "type": "seen", "source": "https://t.me/cibsecurity/47510", "content": "\u203c CVE-2022-31197 \u203c\n\nPostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T22:18:47.000000Z"}, {"uuid": "1270aa76-f70c-4dec-ada4-0ab7d41b533d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31192", "type": "seen", "source": "https://t.me/cibsecurity/47378", "content": "\u203c CVE-2022-31192 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI \"Request a Copy\" feature does not properly escape values submitted and stored from the \"Request a Copy\" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:21.000000Z"}, {"uuid": "63d59c77-86e5-4d50-af9d-c4988adbb713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31191", "type": "seen", "source": "https://t.me/cibsecurity/47377", "content": "\u203c CVE-2022-31191 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck \"Did you mean\" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:19.000000Z"}, {"uuid": "85b2d334-dd68-4ef8-9ab2-16cf2f170639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31193", "type": "seen", "source": "https://t.me/cibsecurity/47372", "content": "\u203c CVE-2022-31193 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-26T07:48:29.000000Z"}, {"uuid": "8eb462ee-c00c-42a8-a940-b2f5897d4c15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31198", "type": "seen", "source": "https://t.me/cibsecurity/47388", "content": "\u203c CVE-2022-31198 \u203c\n\nOpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:32.000000Z"}, {"uuid": "0e8a5afb-8740-49aa-b745-cbaeab47559c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31195", "type": "seen", "source": "https://t.me/cibsecurity/47384", "content": "\u203c CVE-2022-31195 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path \"/xmlui\", then you'd need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path \"/jspui\", then you'd need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:29.000000Z"}, {"uuid": "5c009763-11f9-419b-88d7-b2e17ad32733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31194", "type": "seen", "source": "https://t.me/cibsecurity/47381", "content": "\u203c CVE-2022-31194 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:25.000000Z"}]}