{"vulnerability": "cve-2022-4515", "sightings": [{"uuid": "2180fd7c-2e43-46eb-92b2-7f6a46566f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45157", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113475925311367276", "content": "", "creation_timestamp": "2024-11-13T13:40:08.612340Z"}, {"uuid": "b55ac9e1-0199-465c-9b1f-0e056f9197e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45157", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:31.000000Z"}, {"uuid": "34bde381-7eae-413a-b6eb-c3bf06ea8a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45154", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7983", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45154\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)\n\ud83d\udd39 Description: A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.\n\ud83d\udccf Published: 2023-02-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T19:24:37.461Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1207598", "creation_timestamp": "2025-03-18T19:48:56.000000Z"}, {"uuid": "7559cd9d-8f2d-4be7-8edb-7875c6ab6acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45153", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45153\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.\n\ud83d\udccf Published: 2023-02-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T19:25:05.374Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1205990", "creation_timestamp": "2025-03-18T19:48:55.000000Z"}, {"uuid": "912aa76d-f6b4-4a78-8ca3-65bd08a828c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45157", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "5c728211-4426-40b6-bd65-be270368419c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45155", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5699", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45155\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.\n\ud83d\udccf Published: 2023-03-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T15:00:44.219Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1201138", "creation_timestamp": "2025-02-27T15:29:47.000000Z"}, {"uuid": "54682ecd-cbd3-416c-b082-c3969a98463c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45157", "type": "seen", "source": "https://t.me/cvedetector/10819", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-45157 - Rancher vSphere Unencrypted Credentials Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-45157 \nPublished : Nov. 13, 2024, 2:15 p.m. | 46\u00a0minutes ago \nDescription : A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T16:23:21.000000Z"}, {"uuid": "725822af-b8d4-4f3b-a2dc-78802816174d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45151", "type": "seen", "source": "https://t.me/cibsecurity/53424", "content": "\u203c CVE-2022-45151 \u203c\n\nThe stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several \"social\" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T13:28:22.000000Z"}, {"uuid": "fbd138f4-d96b-4148-89c3-3c75f41fcb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45155", "type": "seen", "source": "https://t.me/cibsecurity/60047", "content": "\u203c CVE-2022-45155 \u203c\n\nAn Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T15:24:45.000000Z"}, {"uuid": "b8c7069b-f11a-47fd-8159-5f19835e28f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45154", "type": "seen", "source": "https://t.me/cibsecurity/58219", "content": "\u203c CVE-2022-45154 \u203c\n\nA Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T12:41:19.000000Z"}, {"uuid": "4dfe1767-de92-4e6a-83e2-2e267d2e63e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45153", "type": "seen", "source": "https://t.me/cibsecurity/58217", "content": "\u203c CVE-2022-45153 \u203c\n\nAn Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T14:30:37.000000Z"}, {"uuid": "b63f4e76-3b53-4a93-9da1-15230190ec7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4515", "type": "seen", "source": "https://t.me/cibsecurity/55002", "content": "\u203c CVE-2022-4515 \u203c\n\nA flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:45.000000Z"}, {"uuid": "91e3ffbc-11f1-442c-95e8-d9c2ea9c803c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45150", "type": "seen", "source": "https://t.me/cibsecurity/53421", "content": "\u203c CVE-2022-45150 \u203c\n\nA reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T18:13:57.000000Z"}]}