{"vulnerability": "CVE-2021-3468", "sightings": [{"uuid": "11171c7f-b5bb-44c5-a2f2-df4800a8a937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34682", "type": "seen", "source": "https://t.me/cibsecurity/25428", "content": "\u203c CVE-2021-34682 \u203c\n\nReceita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-13T00:45:28.000000Z"}, {"uuid": "11634186-2026-43b4-840c-83ad1d0c856e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34685", "type": "seen", "source": "https://t.me/cibsecurity/31951", "content": "\u203c CVE-2021-34685 \u203c\n\nUploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T07:28:38.000000Z"}, {"uuid": "6efcd12c-45f6-4e5a-a46a-3dffc79e8939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34684", "type": "seen", "source": "https://t.me/cibsecurity/31950", "content": "\u203c CVE-2021-34684 \u203c\n\nHitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T07:28:36.000000Z"}]}