{"vulnerability": "cve-2022-4156", "sightings": [{"uuid": "73bd7b29-223e-4481-a750-608ccd4166f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41565", "type": "seen", "source": "https://t.me/cibsecurity/58698", "content": "\u203c CVE-2022-41565 \u203c\n\nThe Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T20:17:45.000000Z"}, {"uuid": "9ce72b7c-cc1b-43f4-9de0-39502f77f02a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41560", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12970", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41560\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.\n\ud83d\udccf Published: 2022-12-12T01:49:10.008Z\n\ud83d\udccf Modified: 2025-04-22T19:29:48.505Z\n\ud83d\udd17 References:\n1. https://www.tibco.com/services/support/advisories", "creation_timestamp": "2025-04-22T20:05:17.000000Z"}, {"uuid": "081a680d-4a3a-4ceb-9b24-25a02949a46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41567", "type": "seen", "source": "https://t.me/cibsecurity/58696", "content": "\u203c CVE-2022-41567 \u203c\n\nThe BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T20:17:43.000000Z"}, {"uuid": "7a074a05-3ac9-4568-85f4-ff7f991b8887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41566", "type": "seen", "source": "https://t.me/cibsecurity/58692", "content": "\u203c CVE-2022-41566 \u203c\n\nThe server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-22T20:17:36.000000Z"}, {"uuid": "7ea1ace0-d0e7-4602-86c5-1162d6a42766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41564", "type": "seen", "source": "https://t.me/cibsecurity/58133", "content": "\u203c CVE-2022-41564 \u203c\n\nThe Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.1 and below and TIBCO Operational Intelligence Hawk RedTail: versions 7.2.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:35:56.000000Z"}, {"uuid": "d859058d-0839-48a8-950b-ffaf47c3e280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4156", "type": "seen", "source": "https://t.me/cibsecurity/55346", "content": "\u203c CVE-2022-4156 \u203c\n\nThe Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T16:40:42.000000Z"}, {"uuid": "4bdf0dc3-ceae-4566-bc1b-8ffdfca96257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41560", "type": "seen", "source": "https://t.me/cibsecurity/54096", "content": "\u203c CVE-2022-41560 \u203c\n\nThe Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:41:04.000000Z"}, {"uuid": "fabbe630-5066-42fc-a660-e869b818bc1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41568", "type": "seen", "source": "https://t.me/cibsecurity/53621", "content": "\u203c CVE-2022-41568 \u203c\n\nLINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T17:23:07.000000Z"}]}