{"vulnerability": "cve-2021-4423", "sightings": [{"uuid": "677164b7-e763-4fc2-a795-a1d86e0af8f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44230", "type": "seen", "source": "https://t.me/cibsecurity/33133", "content": "\u203c CVE-2021-44230 \u203c\n\nPortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-30T22:34:42.000000Z"}, {"uuid": "901ed799-1422-430b-85e0-07868daf8aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44232", "type": "seen", "source": "https://t.me/cibsecurity/33943", "content": "\u203c CVE-2021-44232 \u203c\n\nSAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:33.000000Z"}, {"uuid": "b95a4546-0230-4136-8ee9-109d2c4a88b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44231", "type": "seen", "source": "https://t.me/cibsecurity/33944", "content": "\u203c CVE-2021-44231 \u203c\n\nInternally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T18:15:35.000000Z"}, {"uuid": "b0bd9796-b02f-44e4-bba0-00e6abb0a0eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44238", "type": "seen", "source": "https://t.me/cibsecurity/38262", "content": "\u203c CVE-2021-44238 \u203c\n\nAyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T18:23:28.000000Z"}]}