{"vulnerability": "CVE-2021-3523", "sightings": [{"uuid": "3cb143f7-c24c-47b6-b620-e4ddb07a3afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3523", "type": "seen", "source": "https://t.me/cibsecurity/41540", "content": "\u203c CVE-2021-3523 \u203c\n\nA flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T00:13:26.000000Z"}, {"uuid": "b4158227-36b2-44ed-9868-9399967a3c3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35230", "type": "seen", "source": "https://t.me/cibsecurity/31019", "content": "\u203c CVE-2021-35230 \u203c\n\nAs a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T16:39:16.000000Z"}, {"uuid": "84a6d2ad-d307-49d9-a9b0-abfadbc9fc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35239", "type": "seen", "source": "https://t.me/cibsecurity/28109", "content": "\u203c CVE-2021-35239 \u203c\n\nA security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T20:33:43.000000Z"}, {"uuid": "fbb46214-0284-4368-9da0-ca1c3aa478fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35232", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvbzuiq3dm2f", "content": "", "creation_timestamp": "2025-07-31T21:02:20.592941Z"}, {"uuid": "48fc4944-a67e-49b8-9a4d-6f6543a83f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35232", "type": "seen", "source": "https://t.me/cibsecurity/34694", "content": "\u203c CVE-2021-35232 \u203c\n\nHard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-27T22:23:24.000000Z"}, {"uuid": "99d82468-fea3-4894-8ef1-e816491e9ddc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35237", "type": "seen", "source": "https://t.me/cibsecurity/31461", "content": "\u203c CVE-2021-35237 \u203c\n\nA missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-29T18:18:14.000000Z"}]}