{"vulnerability": "CVE-2021-2147", "sightings": [{"uuid": "bc3bd189-be2e-47b3-bc4d-2f36067f20ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-21479.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "eadaa7bd-f307-40d1-95f2-af51f2f8d868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21471", "type": "seen", "source": "https://t.me/cibsecurity/21946", "content": "\u203c CVE-2021-21471 \u203c\n\nIn CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-12T18:52:34.000000Z"}, {"uuid": "0d090e94-d3f6-49f8-8c6c-10e487088bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "f756c909-9d31-471b-8fe0-db923920181b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "published-proof-of-concept", "source": "Telegram/fPmQQcv9V4iv6-WbxHLLbfFmQHKz15BGmV23CJBoiTkwhw", "content": "", "creation_timestamp": "2024-09-21T16:07:00.000000Z"}, {"uuid": "c319a824-ff0a-494e-96b3-f10c73a3ec97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21472", "type": "seen", "source": "https://t.me/cibsecurity/23329", "content": "\u203c CVE-2021-21472 \u203c\n\nSAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:40:42.000000Z"}, {"uuid": "e8f907bc-ee42-4e4f-b0d5-d767102fcaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21478", "type": "seen", "source": "https://t.me/cibsecurity/23328", "content": "\u203c CVE-2021-21478 \u203c\n\nSAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:40:41.000000Z"}, {"uuid": "a66fcef3-cb44-4589-881e-5dab64a95f3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "seen", "source": "https://t.me/cibsecurity/23344", "content": "\u203c CVE-2021-21479 \u203c\n\nIn SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:41:02.000000Z"}, {"uuid": "097dad9b-d814-462f-8857-7fe010ee7574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21474", "type": "seen", "source": "https://t.me/cibsecurity/23343", "content": "\u203c CVE-2021-21474 \u203c\n\nSAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:41:01.000000Z"}, {"uuid": "be1cfa71-7776-461e-bae4-7042e5b932ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21476", "type": "seen", "source": "https://t.me/cibsecurity/23339", "content": "\u203c CVE-2021-21476 \u203c\n\nSAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:40:54.000000Z"}, {"uuid": "7c38cd09-22e1-48a0-8638-1dc3b578c83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21475", "type": "seen", "source": "https://t.me/cibsecurity/23335", "content": "\u203c CVE-2021-21475 \u203c\n\nUnder specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:40:51.000000Z"}, {"uuid": "edfa56ef-243f-49b7-9bfd-9deeacc8fffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21477", "type": "seen", "source": "https://t.me/cibsecurity/23330", "content": "\u203c CVE-2021-21477 \u203c\n\nSAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-10T00:40:43.000000Z"}, {"uuid": "d938ee06-007a-46b8-b983-468aff71ddad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-02)", "content": "", "creation_timestamp": "2025-02-02T00:00:00.000000Z"}, {"uuid": "62843e94-3f70-45de-b571-72340c77d30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"}, {"uuid": "7216e679-2069-4c31-a4c9-434bd1945980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/18819", "content": "", "creation_timestamp": "2024-09-21T16:06:46.000000Z"}, {"uuid": "e3e70ea6-4d87-42db-84b4-6f01acd17e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21479", "type": "published-proof-of-concept", "source": "https://t.me/BackupLulz/241", "content": "", "creation_timestamp": "2024-11-03T04:41:27.000000Z"}]}