{"vulnerability": "cve-2021-4049", "sightings": [{"uuid": "8a57b247-cbfc-4240-af32-297eae969ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4049", "type": "seen", "source": "https://t.me/cibsecurity/33430", "content": "\u203c CVE-2021-4049 \u203c\n\nlivehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T14:21:37.000000Z"}, {"uuid": "6bf0a273-ce37-432e-82a4-e174a873f50e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40496", "type": "seen", "source": "https://t.me/cibsecurity/30426", "content": "\u203c CVE-2021-40496 \u203c\n\nSAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:56.000000Z"}, {"uuid": "429bcf6c-355b-4e08-ad50-63078a182d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40492", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/506", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-40492 Gibbon version 22 Reflected Cross Site Scripting (XSS)\nURL\uff1ahttps://github.com/5qu1n7/CVE-2021-40492", "creation_timestamp": "2021-09-03T14:28:22.000000Z"}, {"uuid": "18152890-4f6b-4d80-8a1c-a7bb6c5db3af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40492", "type": "seen", "source": "https://t.me/cibsecurity/28266", "content": "\u203c CVE-2021-40492 \u203c\n\nA reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-03T20:37:18.000000Z"}, {"uuid": "dbb216c4-3d73-464c-a34d-718ba91b14e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40498", "type": "seen", "source": "https://t.me/cibsecurity/30408", "content": "\u203c CVE-2021-40498 \u203c\n\nA vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:33.000000Z"}, {"uuid": "02549b9b-f5e1-4c3b-ba4e-635f05290b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40493", "type": "seen", "source": "https://t.me/cibsecurity/30546", "content": "\u203c CVE-2021-40493 \u203c\n\nZoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T02:26:56.000000Z"}, {"uuid": "f681c4a3-ca2e-46b8-bae0-6dc11f2d726c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40497", "type": "seen", "source": "https://t.me/cibsecurity/30419", "content": "\u203c CVE-2021-40497 \u203c\n\nSAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:45.000000Z"}, {"uuid": "04237470-841c-4496-9b95-633e4b256acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40499", "type": "seen", "source": "https://t.me/cibsecurity/30422", "content": "\u203c CVE-2021-40499 \u203c\n\nClient-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:51.000000Z"}, {"uuid": "99c603a2-3d63-46dd-9e8e-fdabbf7f605c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40495", "type": "seen", "source": "https://t.me/cibsecurity/30415", "content": "\u203c CVE-2021-40495 \u203c\n\nThere are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T18:25:41.000000Z"}]}