{"vulnerability": "CVE-2022-3166", "sightings": [{"uuid": "8df97767-ac27-4ffa-ad10-8a5581bda18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31665", "type": "seen", "source": "MISP/d3a33563-6aa9-4388-8f6a-8f738a3a01c1", "content": "", "creation_timestamp": "2022-12-08T14:11:31.000000Z"}, {"uuid": "9ade9eeb-49e7-441d-b06f-8f58c072a7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31666", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481105542747243", "content": "", "creation_timestamp": "2024-11-14T11:37:32.704562Z"}, {"uuid": "37e9733f-8d2d-4704-9966-618a5eb7cfe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31667", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481166368149680", "content": "", "creation_timestamp": "2024-11-14T11:53:00.723790Z"}, {"uuid": "317e3491-b0ff-4791-9a31-43549bf8a0c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31669", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481166382753625", "content": "", "creation_timestamp": "2024-11-14T11:53:00.982537Z"}, {"uuid": "1e155dca-573b-4302-be1f-3c1cdd050787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31660", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f8b92e70-212e-4114-bb00-fb989f8c6a5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31660", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:46.000000Z"}, {"uuid": "e00afadf-959b-40a2-80e3-c6c573cacb83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31660", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/vmware_workspace_one_access_certproxy_lpe.rb", "content": "", "creation_timestamp": "2022-08-03T22:11:28.000000Z"}, {"uuid": "b00655b9-c80d-4128-acf6-0802db020679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31661", "type": "seen", "source": "https://t.me/poxek/2247", "content": "CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE", "creation_timestamp": "2022-08-13T21:00:43.000000Z"}, {"uuid": "3b214ebf-860e-4575-b212-26c00c12ee99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31660", "type": "seen", "source": "https://t.me/poxek/2247", "content": "CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE", "creation_timestamp": "2022-08-13T21:00:43.000000Z"}, {"uuid": "05d0e78c-234f-417d-a1e2-05bb597400d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31666", "type": "seen", "source": "https://t.me/cvedetector/10938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31666 - Harbor Webhook Policy Privilege Escalation vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-31666 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.\u00a0\u00a0The attacker could modify Webhook policies configured in other projects. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:50.000000Z"}, {"uuid": "9febf132-a8d5-4091-8f5a-4ca3630a7e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31668", "type": "seen", "source": "https://t.me/cvedetector/10940", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31668 - Harbor P2P Preheat Policy Permission Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-31668 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate the user permissions when updating p2p preheat policies.\u00a0By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:55.000000Z"}, {"uuid": "f07f3a3a-9dd0-4ed1-a39c-94945e0ee569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31667", "type": "seen", "source": "https://t.me/cvedetector/10939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31667 - Harbor Robot Account Privilege Escalation Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2022-31667 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate the user permissions when updating a robot account that\u00a0belongs to a project that the authenticated user doesn\u2019t have access to.\u00a0  \n  \nBy sending a request that attempts to update a robot account, and specifying a robot\u00a0account id and robot account name that belongs to a different project that the user\u00a0doesn\u2019t have access to, it was possible to revoke the robot account permissions. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:51.000000Z"}, {"uuid": "a35e80e8-56ba-41ff-a2db-16dffd23cfb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31669", "type": "seen", "source": "https://t.me/cvedetector/10941", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31669 - Harbor Permission Bypass (Unauthorized Tag Immutability Policy Update)\", \n  \"Content\": \"CVE ID : CVE-2022-31669 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate the user permissions when updating tag immutability policies.\u00a0  \n  \nBy sending a request to update a tag immutability policy with an id that belongs to a  \nproject that the currently authenticated user doesn\u2019t have access to, the attacker could  \nmodify tag immutability policies configured in other projects. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:56.000000Z"}, {"uuid": "e0c5e3c5-7d62-41e2-8e31-645d91bc5a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3166", "type": "seen", "source": "https://t.me/cibsecurity/54779", "content": "\u203c CVE-2022-3166 \u203c\n\nRockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T22:24:34.000000Z"}, {"uuid": "5b5e1baf-c8e1-459e-94e0-e54e1c4e10ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31663", "type": "seen", "source": "https://t.me/cibsecurity/47636", "content": "\u203c CVE-2022-31663 \u203c\n\nVMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-05T20:21:02.000000Z"}, {"uuid": "da4de201-ba35-417d-a5ab-27da4cbc6ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31660", "type": "seen", "source": "https://t.me/cibsecurity/47627", "content": "\u203c CVE-2022-31660 \u203c\n\nVMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-05T20:20:50.000000Z"}, {"uuid": "d1f061ce-76ae-46ae-8fe0-ef7c7715d4f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31665", "type": "seen", "source": "https://t.me/cibsecurity/47633", "content": "\u203c CVE-2022-31665 \u203c\n\nVMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-05T20:20:57.000000Z"}]}