{"vulnerability": "cve-2022-3167", "sightings": [{"uuid": "17dddc80-ea27-4fb2-ae42-a765fa9c1b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31671", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481135941683844", "content": "", "creation_timestamp": "2024-11-14T11:45:16.327974Z"}, {"uuid": "16eee0be-e8a9-4aa9-a1fe-b75474b6c1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31670", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481166398658446", "content": "", "creation_timestamp": "2024-11-14T11:53:01.364892Z"}, {"uuid": "76cc25bc-9a9f-43d2-87c5-30a3a0ac5c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:58.000000Z"}, {"uuid": "047be4fb-2886-4064-b4af-6cdff21c4dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3me2rjteym224", "content": "", "creation_timestamp": "2026-02-04T21:02:29.346034Z"}, {"uuid": "39ce814e-d808-40d0-ab04-20a68b1529f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15555", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-31678\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.\n\ud83d\udccf Published: 2022-10-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T16:02:58.243Z\n\ud83d\udd17 References:\n1. https://www.vmware.com/security/advisories/VMSA-2022-0027.html", "creation_timestamp": "2025-05-08T16:23:54.000000Z"}, {"uuid": "b18aee29-bfdd-464b-87b3-69759426b73b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "https://t.me/itsec_news/1627", "content": "\u200b\u2694\ufe0f VMware \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Cloud Foundation.\n\n\ud83d\udcac \u0412\u0447\u0435\u0440\u0430 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 VMware Cloud Foundation, \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2021-39144 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XStream, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 Cloud Foundation, \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 9,8 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u0415\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0432 \u0445\u043e\u0434\u0435 \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0412 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 XStream \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 VMware Cloud Foundation. \u0422\u0430\u043a \u043a\u0430\u043a \u0431\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f, VMware \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0442\u0430\u043b\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 CVE-2021-39144 \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430. \u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u044d\u0442\u043e \u0434\u043e\u043b\u0436\u043d\u043e \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b.\n\n\u0412 \u0442\u043e\u043c \u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-31678. \u0415\u0451 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u043b\u0438\u0447\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 XEE-\u0430\u0442\u0430\u043a\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0430\u0442\u0447\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u2013 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0432\u043e\u0439\u0442\u0438 \u0432 \u043a\u0430\u0436\u0434\u0443\u044e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443 NSX-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 SDDC \u0432 \u0441\u0440\u0435\u0434\u0435 Cloud Foundation. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043e\u043d\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u0435\u0436\u0438\u0439 \u043f\u0430\u0442\u0447 NSX \u0434\u043b\u044f vSphere, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19, \u0447\u0442\u043e \u0437\u0430\u043a\u0440\u043e\u0435\u0442 \u0431\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435.\n\n#VMware #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #CloudFoundation\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-07-12T06:07:44.000000Z"}, {"uuid": "30248379-84f3-4153-8ddd-559e5d400966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31671", "type": "seen", "source": "https://t.me/cvedetector/10934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31671 - Harbor Unauthorized Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-31671 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users\u00a0could read all the job logs stored in the Harbor database. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:43.000000Z"}, {"uuid": "bf072e08-ecfa-441b-b3c7-c6ac2660ae90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31675", "type": "seen", "source": "https://t.me/poxek/2470", "content": "#CVE\n\nDash Override\nCVE-2022-31675 - MainPortalFilter ui Authentication Bypass\nCVE-2022-31674 - SupportLogAction Information Disclosure\nCVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\nThis is a pre-authenticated RCE exploit for VMware vRealize Operations Manager", "creation_timestamp": "2022-09-07T19:00:04.000000Z"}, {"uuid": "764db194-6b6f-4803-8994-0dffa5cae337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31672", "type": "seen", "source": "https://t.me/poxek/2470", "content": "#CVE\n\nDash Override\nCVE-2022-31675 - MainPortalFilter ui Authentication Bypass\nCVE-2022-31674 - SupportLogAction Information Disclosure\nCVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\nThis is a pre-authenticated RCE exploit for VMware vRealize Operations Manager", "creation_timestamp": "2022-09-07T19:00:04.000000Z"}, {"uuid": "9ab9f78d-664f-449b-b061-c37cbb7821b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31674", "type": "seen", "source": "https://t.me/poxek/2470", "content": "#CVE\n\nDash Override\nCVE-2022-31675 - MainPortalFilter ui Authentication Bypass\nCVE-2022-31674 - SupportLogAction Information Disclosure\nCVE-2022-31672 - generateSupportBundle VCOPS_BASE Privilege Escalation\n\nThis is a pre-authenticated RCE exploit for VMware vRealize Operations Manager", "creation_timestamp": "2022-09-07T19:00:04.000000Z"}, {"uuid": "17cb83b2-2d23-4510-b178-34fa0e3500d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31670", "type": "seen", "source": "https://t.me/cvedetector/10933", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-31670 - Harbor Access Control Bypass (Privilege Escalation)\", \n  \"Content\": \"CVE ID : CVE-2022-31670 \nPublished : Nov. 14, 2024, 12:15 p.m. | 38\u00a0minutes ago \nDescription : Harbor fails to validate the user permissions when updating tag retention policies.\u00a0  \n  \nBy sending a request to update a tag retention policy with an id that belongs to a project\u00a0that the currently authenticated user doesn\u2019t have access to, the attacker could modify  \ntag retention policies configured in other projects. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:08:43.000000Z"}, {"uuid": "f631759d-d3de-4daa-8930-93a03802e1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/581", "content": "CVE-2022-31678 : Pre-Authenticated Remote Code Execution in VMware NSX Manager\nhttps://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html", "creation_timestamp": "2022-11-13T21:29:01.000000Z"}, {"uuid": "32b09f44-5f72-4419-b164-c74b4d9ad672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "https://t.me/true_secator/3619", "content": "VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Cloud Foundation, \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438\u043b\u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445.\n\nCVE-2021-39144 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XStream \u0438 \u0438\u043c\u0435\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u0443\u044e \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 CVSSv3 9,8/10, \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u043d\u0443\u044e VMware.\n\n\u041e \u043d\u0435\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0421\u0438\u043d\u0430 \u0425\u0435\u0439\u0440\u043a\u0445 \u0438 \u0421\u0442\u0438\u0432\u0435\u043d \u0421\u0438\u043b\u0438 \u0438\u0437 Source Incite.\n\n\u0418\u0437-\u0437\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 XStream \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 VMware Cloud Foundation (NSX-V), \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u00abroot\u00bb \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432 \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f CVE-2021-39144 VMware \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u0441\u0440\u043e\u043a\u043e\u043c\u00a0\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-31678, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 XML (XXE).\n\nVMware \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043e\u00a0\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435\u00a0\u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0445\u043e\u0434 \u0432 \u043a\u0430\u0436\u0434\u0443\u044e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443 \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 SDDC \u0432 \u0441\u0432\u043e\u0435\u0439 \u0441\u0440\u0435\u0434\u0435 Cloud Foundation \u0434\u043b\u044f \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f NSX \u0434\u043b\u044f vSphere (NSX-V), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0441\u0435\u0445 \u0448\u0430\u0433\u043e\u0432 \u043a\u0430\u0436\u0434\u044b\u0439 \u0440\u0430\u0437, \u043a\u043e\u0433\u0434\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u044b\u0439 \u0434\u043e\u043c\u0435\u043d \u0440\u0430\u0431\u043e\u0447\u0435\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 VI.", "creation_timestamp": "2022-10-26T13:20:03.000000Z"}, {"uuid": "eddbacf6-e349-49a6-a14c-4694d77118d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31676", "type": "seen", "source": "https://t.me/true_secator/3333", "content": "\u0413\u0438\u0433\u0430\u043d\u0442 \u041f\u041e \u0434\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430\u0431\u043e\u0440\u0430 \u0443\u0442\u0438\u043b\u0438\u0442 VMware Tools.\n\nVMware Tools \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0433\u043e\u0441\u0442\u0435\u0432\u044b\u0445 \u041e\u0421, \u0431\u0435\u0441\u043f\u0440\u0435\u043f\u044f\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043d\u0438\u043c\u0438 \u0438 \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u043e\u0439.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e\u00a0VMWare, CVE-2022-31676 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043d\u0435\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u041e\u0421 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root \u043d\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 VMware Tools \u043a\u0430\u043a \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445 Windows, \u0442\u0430\u043a \u0438 \u043d\u0430 Linux, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u2014\u00a012.1.0\u00a0\u0438\u00a010.3.25.\n\n\u0412\u0441\u0435 \u0431\u044b \u0445\u043e\u0440\u043e\u0448\u043e, \u043d\u043e \u044d\u0442\u043e\u043c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b VMware \u043d\u0435 \u0437\u0430\u043a\u043e\u043d\u0447\u0438\u043b\u0438\u0441\u044c.\n\n\u0421\u0435\u0440\u0432\u0435\u0440\u044b \u0438 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0442\u0430\u043d\u0446\u0438\u0438 Windows \u0432 \u0434\u0435\u0441\u044f\u0442\u043a\u0430\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u0445\u043e\u0434\u0438\u0442\u044c \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0438\u0437-\u0437\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u044f VMware \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a Carbon Black.\n\n\u0421\u0443\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u043e\u0432\u043e\u043c \u043d\u0430\u0431\u043e\u0440\u0435 \u043f\u0440\u0430\u0432\u0438\u043b \u043f\u0430\u043a\u0435\u0442\u043e\u043c \u0441\u0438\u0433\u043d\u0430\u0442\u0443\u0440 AV 8.19.22.224 \u0434\u043b\u044f \u0434\u0430\u0442\u0447\u0438\u043a\u0430 \u0443\u0433\u043b\u0435\u0440\u043e\u0434\u043d\u043e\u0439 \u0441\u0430\u0436\u0438 3.6.0.1979 - 3.8.0.398, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0441\u0431\u043e\u044e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044e \u0441\u0438\u043d\u0435\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435, \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0438\u043c.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0441 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u043d\u0435\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 \u0441\u043c\u0435\u0440\u0442\u0438 BSOD \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Microsoft Windows: Windows 10 x64, Server 2012 R2 x64, Server 2016 x64 \u0438 Server 2019 x64.\n\nVMware Carbon Black \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f VMware \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0432\u043e\u0434\u0438\u0442\u044c \u0434\u0430\u0442\u0447\u0438\u043a\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u043e\u0431\u0445\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043d\u0441\u043e\u043b\u044c Carbon Black Cloud, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c\u0441\u044f \u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u043f\u0440\u0430\u0432\u0438\u043b.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430, \u0430 VMware Carbon Black \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u043c\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438.", "creation_timestamp": "2022-08-24T20:00:04.000000Z"}, {"uuid": "47b5005c-df31-4062-9594-41c391270202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31679", "type": "seen", "source": "https://t.me/cibsecurity/50233", "content": "\u203c CVE-2022-31679 \u203c\n\nApplications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T22:41:34.000000Z"}, {"uuid": "fc4c3d8e-88cd-476d-9e92-4afd978324d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "seen", "source": "https://t.me/cibsecurity/52192", "content": "\u203c CVE-2022-31678 \u203c\n\nVMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-30T00:35:31.000000Z"}, {"uuid": "308f08f6-c9ec-4885-b154-8df9faea751c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31677", "type": "seen", "source": "https://t.me/cibsecurity/48972", "content": "\u203c CVE-2022-31677 \u203c\n\nAn Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T18:34:18.000000Z"}, {"uuid": "5b7044bd-844b-420c-9e0c-e16b225ffc4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31676", "type": "seen", "source": "https://t.me/cibsecurity/48652", "content": "\ud83d\udd74 VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data \ud83d\udd74\n\nAn insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading\".", "creation_timestamp": "2022-08-24T19:35:42.000000Z"}, {"uuid": "74899209-248c-4e74-af58-e71622ddafa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31674", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6579", "content": "#Threat_Research\nFrom Shared Dash to Root Bash: Pre-Authenticated RCE in VMWare vRealize Operations Manager (CVE-2022-31674 / 31675)\nhttps://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html", "creation_timestamp": "2022-08-12T14:51:05.000000Z"}, {"uuid": "8859de0b-f7a2-45f8-9b1a-32a36a31b7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31676", "type": "seen", "source": "https://t.me/information_security_channel/48292", "content": "Privilege Escalation Flaw Haunts VMware Tools\nhttps://www.securityweek.com/privilege-escalation-flaw-haunts-vmware-tools\n\nVirtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.\nThe vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.\nread more (https://www.securityweek.com/privilege-escalation-flaw-haunts-vmware-tools)", "creation_timestamp": "2022-08-23T21:16:03.000000Z"}, {"uuid": "66789207-4a86-4265-b8d9-76a21b95b5ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31678", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7054", "content": "#exploit\n1. CVE-2022-31678:\nPre-authenticated RCE in VMWare NSX Manager\nhttps://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html\n\n2. CVE-2022-1679:\nUaF in Atheros wireless adapter\nhttps://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679", "creation_timestamp": "2022-10-27T11:04:01.000000Z"}]}