From ef3b6d48694056f468b8cac9956430e1df3284f1 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 30 Jul 2024 12:43:53 +0530
Subject: [PATCH] updated matcher

---
 http/cves/2024/CVE-2024-6922.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/http/cves/2024/CVE-2024-6922.yaml b/http/cves/2024/CVE-2024-6922.yaml
index c8e54f7bcb..8ea93b506f 100644
--- a/http/cves/2024/CVE-2024-6922.yaml
+++ b/http/cves/2024/CVE-2024-6922.yaml
@@ -6,10 +6,12 @@ info:
   severity: high
   description: |
     Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.
-  impact: An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
+  impact: |
+    An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
   reference:
     - https://www.automationanywhere.com/products/automation-360
     - https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6922
   metadata:
     verified: true
     max-request: 1
@@ -33,6 +35,11 @@ http:
         words:
           - "dns"
 
+      - type: word
+        part: body
+        words:
+          - '{"message":'
+
       - type: word
         part: content_type
         words: