{"vulnerability": "CVE-2021-3258", "sightings": [{"uuid": "97834b24-7929-48fd-b8a4-ed5aa9566206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32589", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113679517704779961", "content": "", "creation_timestamp": "2024-12-19T12:36:21.909801Z"}, {"uuid": "0b53e239-7bad-45b0-bf1e-8bab8037cd83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32589", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldnxdn4btu27", "content": "", "creation_timestamp": "2024-12-19T13:15:33.854430Z"}, {"uuid": "e3bc3c1c-adc8-4991-af75-8a34eadcc863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32589", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "8ebbab55-9bc7-4921-9a46-ad562d87777c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32589", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:02.000000Z"}, {"uuid": "09daf78e-f2bf-49f3-af4d-cc9c72366e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32584", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7763", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-32584\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R)\n\ud83d\udd39 
Description: An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL.  The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details.\n\ud83d\udccf Published: 2025-03-17T13:05:44.978Z\n\ud83d\udccf Modified: 2025-03-17T13:37:26.791Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-20-138", "creation_timestamp": "2025-03-17T13:46:52.000000Z"}, {"uuid": "47b97e0b-a0f3-45d8-a978-e6bf08c0091a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32589", "type": "seen", "source": "https://t.me/cvedetector/13327", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2021-32589 - Fortinet FortiManager FortiAnalyzer Use-After-Free Code Execution\", \n  \"Content\": \"CVE ID : CVE-2021-32589 \nPublished : Dec. 19, 2024, 1:15 p.m. 
| 32\u00a0minutes ago \nDescription : A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized code or commands via \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T14:49:09.000000Z"}, {"uuid": "f9e1e3cd-c786-452a-9b26-b4218b1ec9ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32586", "type": "seen", "source": "https://t.me/cibsecurity/38275", "content": "\u203c CVE-2021-32586 \u203c\n\nAn improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T22:23:34.000000Z"}, {"uuid": "0413b512-c17b-44b4-85b7-67a2d2553df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32585", "type": "seen", "source": "https://t.me/cibsecurity/40242", "content": "\u203c CVE-2021-32585 \u203c\n\nAn improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-06T20:30:24.000000Z"}, {"uuid": "9a7ddaeb-86d7-4830-a3a4-cb317ed49569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32587", "type": "seen", 
"source": "https://t.me/cibsecurity/26919", "content": "\u203c CVE-2021-32587 \u203c\n\nAn improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T14:32:32.000000Z"}, {"uuid": "8cfddc1d-b328-40c2-b633-fc2a0a9543e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32581", "type": "seen", "source": "https://t.me/cibsecurity/26914", "content": "\u203c CVE-2021-32581 \u203c\n\nAcronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:59.000000Z"}, {"uuid": "084e28e5-d3d3-4dfe-b6b4-2c317b2b2ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3258", "type": "seen", "source": "https://t.me/cibsecurity/23168", "content": "\u203c CVE-2021-3258 \u203c\n\nQuestion2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-05T18:35:21.000000Z"}, {"uuid": "dd294d0a-9753-4adb-95a9-7015baadb6b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32588", "type": "seen", "source": 
"https://t.me/CyberSecurityTechnologies/4061", "content": "#Threat_Research\n1. Fortinet FortiPortal Vulnerability Disclosures (CVE-2021-32588, CVE-2021-36168)\nhttps://insomniasec.com/blog/fortiportal-disclosures\n2. Modify in-flight data to payment provider Smart2Pay\nhttps://hackerone.com/reports/1295844", "creation_timestamp": "2021-08-14T13:25:01.000000Z"}, {"uuid": "64e508be-a9c3-42d6-a95f-c0f303c8f12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-32581", "type": "seen", "source": "https://t.me/critical_bug/1448", "content": "\ud83d\udd10\ud83d\udee1\ufe0f\ud83d\udcbb Acronis True Image does not verify the server certificate on TLS connections\n\n\ud83c\udfc6 Bounty: $500\n\ud83d\udea8 Severity: High\n\n\ud83d\udcdd A hacker discovered a serious bug in Acronis True Image for Windows and Mac. The program did not validate SSL certificates, which opened the way for \"man-in-the-middle\" attacks. The vulnerability was assigned CVE-2021-32581. The bug affected versions prior to 2021 Update 4 for Windows and prior to 2021 Update 5 for Mac. Fortunately, no exploitation \"in the wild\" was observed. Acronis promptly patched the vulnerability, closing a potential gap in the security of its users.\n\nWe invite you to subscribe to our channel, where we regularly break down interesting reports from security researchers.\n\nWe also recommend subscribing to the channel \u0420\u0435\u043f\u043e\u0440\u0442\u044b \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u044f\u0437\u044b\u043a\u043e\u043c VIP, where we offer deeper analysis of reports and additional materials.", "creation_timestamp": "2024-08-22T05:00:18.000000Z"}]}