{"uuid": "e81e9498-1d29-42b2-a151-e44b3560fd25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27653", "type": "seen", "source": "https://t.me/St0rM66/401", "content": "Robert Willis and \u0628\u0631\u064a\u0643\u0631, and after confirmation by members of Sakura Samurai, discovered a vulnerability with the identifier CVE-2021-27653, of type information exposure vulnerability, in PEGA CMS systems.\nThe vulnerability is caused by a misconfiguration of the Pega Chat Access Group portal.\nWhen the vulnerability is exploited, the attacker can get into internal databases and systems and can therefore obtain sensitive information and PII.\nAccording to the researchers, the information they were able to reach is:\n- Customer and employee records.\n- Financial accounts.\n- Names of databases and tables.\n- OAuth access tokens.\n- Internal interfaces.\n- Search bar history.\n- Pulse actions\n- Internal support tickets.\n- user profiles.\n\n#St0rM\n #Google", "creation_timestamp": "2021-08-19T15:15:13.000000Z"}