{"vulnerability": "cve-2021-3901", "sightings": [{"uuid": "29f76fa4-86e1-4d41-bb2f-f412024515cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39013", "type": "seen", "source": "https://t.me/cibsecurity/34506", "content": "\u203c CVE-2021-39013 \u203c\n\nIBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T20:18:14.000000Z"}, {"uuid": "f7d42a14-8809-47ab-ab25-7458536f650f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3901", "type": "seen", "source": "https://t.me/cibsecurity/31330", "content": "\u203c CVE-2021-3901 \u203c\n\nfirefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T00:16:24.000000Z"}, {"uuid": "ee29c1a2-1df1-49a5-abcb-4f6ea793bad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39014", "type": "seen", "source": "https://t.me/cibsecurity/66220", "content": "\u203c CVE-2021-39014 \u203c\n\nIBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T22:17:49.000000Z"}, {"uuid": "c118da77-3f38-42b7-9422-bd7ad8d08968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39016", "type": "seen", "source": "https://t.me/cibsecurity/46257", "content": "\u203c CVE-2021-39016 \u203c\n\nIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:43.000000Z"}, {"uuid": "6ab850f0-ccd3-470a-8b6e-384b23661175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39018", "type": "seen", "source": "https://t.me/cibsecurity/46265", "content": "\u203c CVE-2021-39018 \u203c\n\nIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:54.000000Z"}, {"uuid": "b4af8fed-1419-42d3-be14-22a6135a14c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39019", "type": "seen", "source": "https://t.me/cibsecurity/46261", "content": "\u203c CVE-2021-39019 \u203c\n\nIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:47.000000Z"}, {"uuid": "3ec911da-c092-4abb-8b51-609d0e483355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39017", "type": "seen", "source": "https://t.me/cibsecurity/46262", "content": "\u203c CVE-2021-39017 \u203c\n\nIBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:51.000000Z"}, {"uuid": "bd549129-57d5-4ba2-ae65-fc995b185235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39015", "type": "seen", "source": "https://t.me/cibsecurity/46258", "content": "\u203c CVE-2021-39015 \u203c\n\nIBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T20:32:44.000000Z"}]}