{"vulnerability": "CVE-2021-2285", "sightings": [{"uuid": "e3286ea7-2080-4596-9dfb-a56793ef6a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22854", "type": "seen", "source": "https://t.me/cibsecurity/23733", "content": "\u203c CVE-2021-22854 \u203c\n\nThe HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T16:55:05.000000Z"}, {"uuid": "63292a16-dab4-4893-a111-97d5a9b49f20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22855", "type": "seen", "source": "https://t.me/cibsecurity/23730", "content": "\u203c CVE-2021-22855 \u203c\n\nThe specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T16:55:02.000000Z"}, {"uuid": "d2eee656-8707-4bf0-8d6e-d1ff7deea0d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22853", "type": "seen", "source": "https://t.me/cibsecurity/23729", "content": "\u203c CVE-2021-22853 \u203c\n\nThe HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user\u00e2\u20ac\u2122s login information, further causing the login function not to work.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T16:55:00.000000Z"}, {"uuid": "999da7ba-b892-4167-8fac-35469bbbeff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22857", "type": "seen", "source": "https://t.me/cibsecurity/23703", "content": "\u203c CVE-2021-22857 \u203c\n\nThe CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T14:48:49.000000Z"}, {"uuid": "6b354e7d-5117-4ccc-976e-5eef74577cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22856", "type": "seen", "source": "https://t.me/cibsecurity/23702", "content": "\u203c CVE-2021-22856 \u203c\n\nThe CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T14:48:48.000000Z"}, {"uuid": "67b6ccb1-6fd2-4ffa-a2b6-723004fa57fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22858", "type": "seen", "source": "https://t.me/cibsecurity/23701", "content": "\u203c CVE-2021-22858 \u203c\n\nAttackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T14:48:47.000000Z"}]}