{"vulnerability": "CVE-2021-2149", "sightings": [{"uuid": "60018303-aef1-45d7-9699-0a85b3fc5cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21491", "type": "seen", "source": "https://t.me/cibsecurity/24695", "content": "\u203c CVE-2021-21491 \u203c\n\nSAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T18:53:16.000000Z"}, {"uuid": "875b1a7e-1da3-42bb-bb37-a6d945664cb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21493", "type": "seen", "source": "https://t.me/cibsecurity/24611", "content": "\u203c CVE-2021-21493 \u203c\n\nWhen a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T18:51:58.000000Z"}, {"uuid": "06b59b77-7221-4b4b-b415-9f69d6b1096c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21494", "type": "seen", "source": "https://t.me/cibsecurity/21521", "content": "\u203c CVE-2021-21494 \u203c\n\nMK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T07:36:19.000000Z"}, {"uuid": "9a3f35e4-eb7c-4f4e-aff6-26134406992b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21495", "type": "seen", "source": "https://t.me/cibsecurity/21519", "content": "\u203c CVE-2021-21495 \u203c\n\nMK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T07:36:16.000000Z"}]}