{"vulnerability": "CVE-2021-3741", "sightings": [{"uuid": "2c77b21b-871c-4359-b23f-37bab2f94a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "90d13c35-ee86-4f50-9551-eaa1411653a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37416", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-37416.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "ca2f56c5-0f43-40dc-b4f8-f2c4bde90d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3741", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486597696670459", "content": "", "creation_timestamp": "2024-11-15T10:54:16.458257Z"}, {"uuid": "0453b035-79a3-4c86-808e-cb3559e292e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971178", "content": "", "creation_timestamp": "2024-12-24T20:25:26.018682Z"}, {"uuid": "863c6eac-fd67-44fd-8a3c-5ac4b7770779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37419", "type": "seen", "source": "https://t.me/cibsecurity/29179", "content": "\u203c CVE-2021-37419 \u203c\n\nManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T16:27:50.000000Z"}, {"uuid": "e970c971-672e-43c1-a334-0ccb72f63cc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:31.000000Z"}, {"uuid": "89a0811f-86c5-46f2-b5da-bf227d8cd3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-37415", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/caf7ae17-e0e7-4f45-83e5-da3d34a31fbf", "content": "", "creation_timestamp": "2026-02-02T12:28:32.379247Z"}, {"uuid": "33743376-545d-4d15-9b14-47d7376f8b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3741", "type": "seen", "source": "https://t.me/cvedetector/11072", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2021-3741 - Chatwoot Chatwoot Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2021-3741 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:50.000000Z"}, {"uuid": "aee43568-ddde-4237-9983-9e046e91002b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37413", "type": "seen", "source": "https://t.me/cibsecurity/42982", "content": "\u203c CVE-2021-37413 \u203c\n\nGRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-19T18:29:39.000000Z"}, {"uuid": "08515604-4f87-4076-8956-1231f8f4de83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-37415.yaml", "content": "", "creation_timestamp": "2025-12-09T09:48:19.000000Z"}, {"uuid": "5eb50a38-a19c-4674-8326-ff108b466c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m7qhvb5npr2d", "content": "", "creation_timestamp": "2025-12-11T21:02:30.346998Z"}, {"uuid": "aba5a814-496e-4780-af7f-f4e699ee026c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "Telegram/BHFCi5ePmSl5GULGsb0I8p2N34-RxkUMNQo0p8yXDCsLK2pt", "content": "", "creation_timestamp": "2025-02-06T02:39:18.000000Z"}, {"uuid": "1b2c3c19-c639-4fc8-8d8b-7f08301ed626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "https://t.me/arpsyndicate/1347", "content": "#ExploitObserverAlert\n\nCVE-2021-37415\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-37415. Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.\n\nFIRST-EPSS: 0.958200000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T00:47:32.000000Z"}, {"uuid": "03023dc1-7fe0-441f-9c6c-37cd1266578d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37417", "type": "exploited", "source": "https://t.me/true_secator/2092", "content": "\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Zoho ManageEngine ADSelfService.\n\nManageEngine ADSelfService - \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f\u043c\u0438 \u0438 \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 \u0434\u043b\u044f Active Directory \u0432 Microsoft Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c 2FA \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c - \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0430\u0440\u043e\u043b\u0438. ADSelfService Plus \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043c\u0433\u043d\u043e\u0432\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 SAML, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Office 365, Salesforce \u0438 G Suite.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2021-40539. \u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 REST API, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (RCE) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0441\u0431\u043e\u0440\u043a\u0438 ADSelfService Plus \u0434\u043e 6113 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u043c, \u0447\u0442\u043e \u044d\u0442\u043e \u0443\u0436\u0435 \u043f\u044f\u0442\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 ManageEngine ADSelfService Plus \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430, \u0442\u0440\u0438 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 - CVE-2021-37421, CVE-2021-37417 \u0438 CVE-2021-33055 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445. \u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2021-28958 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043c\u0430\u0440\u0442\u0435 2021 \u0433\u043e\u0434\u0430. \u0412\u0441\u0435 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0440\u0438\u0441\u043a\u0430 \u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0435\u043c\u0441\u044f \u043a CISA \u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c  \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 ManageEngine, \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442\u0441\u044f. \u0421\u043a\u0435\u043f\u0442\u0438\u043a\u0430\u043c \u0436\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0432\u0441\u043f\u043e\u043c\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e\u0434\u043d\u0438\u0435 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0438\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b, \u043a\u043e\u0433\u0434\u0430 APT41 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0438  RCE \u0432 ManageEngine Desktop Central (CVE-2020-10189) \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0438\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.", "creation_timestamp": "2021-09-10T18:38:03.000000Z"}, {"uuid": "6587cc4e-5673-42fb-955d-8d8d0d11957f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37412", "type": "seen", "source": "https://t.me/cibsecurity/28925", "content": "\u203c CVE-2021-37412 \u203c\n\nThe TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T20:22:13.000000Z"}, {"uuid": "2db768f1-4670-4006-b5c9-b5950a622178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37415", "type": "seen", "source": "https://t.me/cibsecurity/28145", "content": "\u203c CVE-2021-37415 \u203c\n\nZoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T12:34:35.000000Z"}, {"uuid": "f51b75b3-0c8f-4f89-8c5b-3ed1cca1d7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37414", "type": "seen", "source": "https://t.me/cibsecurity/28677", "content": "\u203c CVE-2021-37414 \u203c\n\nZoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-10T18:31:20.000000Z"}, {"uuid": "d638ba22-18ab-4dc1-b5fa-157d7d7b124d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37416", "type": "seen", "source": "https://t.me/cibsecurity/28023", "content": "\u203c CVE-2021-37416 \u203c\n\nZoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T22:32:38.000000Z"}]}