{"vulnerability": "CVE-2021-3623", "sightings": [{"uuid": "20cd925f-a2d7-4a3c-93e0-4bd5c10f89b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36232", "type": "seen", "source": "https://t.me/cibsecurity/28134", "content": "\u203c CVE-2021-36232 \u203c\n\nImproper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T22:33:45.000000Z"}, {"uuid": "d98107a4-2ef1-4c80-a062-5bc848859eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36231", "type": "seen", "source": "https://t.me/cibsecurity/28133", "content": "\u203c CVE-2021-36231 \u203c\n\nDeserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T22:33:44.000000Z"}, {"uuid": "9b0486ac-b6d2-4fdd-9b8e-a6a83c706264", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36233", "type": "seen", "source": "https://t.me/cibsecurity/28135", "content": "\u203c CVE-2021-36233 \u203c\n\nThe function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T22:33:46.000000Z"}, {"uuid": "4dd8fb6e-372e-495f-81ef-0f76341678c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36234", "type": "seen", "source": "https://t.me/cibsecurity/28128", "content": "\u203c CVE-2021-36234 \u203c\n\nUse of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T22:33:39.000000Z"}]}