{"vulnerability": "CVE-2021-3817", "sightings": [{"uuid": "9e8a9977-d4eb-4096-b204-6dc0abf79d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38177", "type": "seen", "source": "https://t.me/true_secator/2111", "content": "\u200b\u200bGerman developer SAP also distinguished itself, releasing 17 new security advisories and updating 2 earlier ones, 7 of which relate to critical vulnerabilities in the company's products.\n \nThe most important fix concerns a missing authorization check in SAP NetWeaver Application Server for Java. CVE-2021-37535 has a CVSS score of 10. Other critical vulnerabilities were also fixed in Hot News for NetWeaver (CVSS score 9.9): CVE-2021-38163 (an unrestricted file upload bug in Visual Composer 7.0 RT) and CVE-2021-37531 (a code injection issue in the knowledge management system). Both vulnerabilities can be exploited with only minimal privileges on the vulnerable system.\n \nAnother critical vulnerability, CVE-2021-38176 (CVSS score 9.9), consists of improper input sanitization in 25 RFC-enabled function modules, which can allow an authenticated user with certain specific privileges to remotely call these function modules and execute manipulated queries to gain access to the backend database.\n \nOne more Hot News security note concerns critical code injection and reflects cross-site scripting (XSS) vulnerabilities in the SAP contact center. The fixed bugs CVE-2021-33672, CVE-2021-33673, CVE-2021-33674 and CVE-2021-33675 have a CVSS score of 9.6.\n \nThis week SAP also included there 2 updated security notes for bugs with a CVSS score of 10: a Chromium browser update in Business Client and an unrestricted file upload issue in Business One.\n \nIn addition, the September 2021 SAP release also included 2 high-priority security notes, for CVE-2021-38162 in Web Dispatcher and CVE-2021-38177 in CommonCryptoLib.\n \nThe remaining SAP advisories concern various issues in Analysis for Microsoft Office, Business Client, Business One, BusinessObjects, ERP Financial Accounting, NetWeaver and 3D Visual Enterprise Viewer.\n \nCustomers of the German developer - get to work.", "creation_timestamp": "2021-09-16T15:55:40.000000Z"}, 
{"uuid": "e6619a28-bcc4-4d5c-a7a1-a7f023c61455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38176", "type": "seen", "source": "https://t.me/true_secator/2111", "content": "\u200b\u200bGerman developer SAP also distinguished itself, releasing 17 new security advisories and updating 2 earlier ones, 7 of which relate to critical vulnerabilities in the company's products.\n \nThe most important fix concerns a missing authorization check in SAP NetWeaver Application Server for Java. CVE-2021-37535 has a CVSS score of 10. Other critical vulnerabilities were also fixed in Hot News for NetWeaver (CVSS score 9.9): CVE-2021-38163 (an unrestricted file upload bug in Visual Composer 7.0 RT) and CVE-2021-37531 (a code injection issue in the knowledge management system). Both vulnerabilities can be exploited with only minimal privileges on the vulnerable system.\n \nAnother critical vulnerability, CVE-2021-38176 (CVSS score 9.9), consists of improper input sanitization in 25 RFC-enabled function modules, which can allow an authenticated user with certain specific privileges to remotely call these function modules and execute manipulated queries to gain access to the backend database.\n \nOne more Hot News security note concerns critical code injection and reflects cross-site scripting (XSS) vulnerabilities in the SAP contact center. The fixed bugs CVE-2021-33672, CVE-2021-33673, CVE-2021-33674 and CVE-2021-33675 have a CVSS score of 9.6.\n \nThis week SAP also included there 2 updated security notes for bugs with a CVSS score of 10: a Chromium browser update in Business Client and an unrestricted file upload issue in Business One.\n \nIn addition, the September 2021 SAP release also included 2 high-priority security notes, for CVE-2021-38162 in Web Dispatcher and CVE-2021-38177 in CommonCryptoLib.\n \nThe remaining SAP advisories concern various issues in Analysis for Microsoft Office, Business Client, Business One, BusinessObjects, ERP Financial Accounting, NetWeaver and 3D Visual Enterprise Viewer.\n \nCustomers of the German developer - get to work.", "creation_timestamp": "2021-09-16T15:55:40.000000Z"}, 
{"uuid": "24bb13b8-d26b-4c39-9d6f-49ef287d86b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3817", "type": "seen", "source": "https://t.me/cibsecurity/33669", "content": "\u203c CVE-2021-3817 \u203c\n\nwbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-09T14:23:47.000000Z"}, {"uuid": "29107f07-0d33-4b86-a63d-a37977138f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38171", "type": "seen", "source": "https://t.me/cibsecurity/27666", "content": "\u203c CVE-2021-38171 \u203c\n\nadts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-21T20:20:41.000000Z"}, {"uuid": "4ca8484c-6a5f-4c60-bddd-3ddd00b3a24f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38178", "type": "seen", "source": "https://t.me/cibsecurity/30417", "content": "\u203c CVE-2021-38178 \u203c\n\nThe software logistics system of SAP 
NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:43.000000Z"}, {"uuid": "d1c1961d-e007-4de4-a286-b5de68cee436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38172", "type": "seen", "source": "https://t.me/cibsecurity/36924", "content": "\u203c CVE-2021-38172 \u203c\n\nperM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T20:32:26.000000Z"}, {"uuid": "0f8590ac-368f-4187-8e1d-9e7c655e9139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38174", "type": "seen", "source": "https://t.me/cibsecurity/28812", "content": "\u203c CVE-2021-38174 \u203c\n\nWhen a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:11.000000Z"}, {"uuid": "b486ae58-d557-4e99-90c1-51954bb621c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38176", "type": "seen", "source": "https://t.me/cibsecurity/28809", "content": "\u203c CVE-2021-38176 
\u203c\n\nDue to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:06.000000Z"}, {"uuid": "89cc8737-8a27-41da-9ece-e3f5d3e289bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38175", "type": "seen", "source": "https://t.me/cibsecurity/28796", "content": "\u203c CVE-2021-38175 \u203c\n\nSAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:21:48.000000Z"}, {"uuid": "b40dccd5-46c5-4aee-ac5f-3fadfb9550f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-38177", "type": "seen", "source": "https://t.me/cibsecurity/28805", "content": "\u203c CVE-2021-38177 \u203c\n\nSAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:00.000000Z"}]}