{"vulnerability": "CVE-2021-3753", "sightings": [{"uuid": "c7bc55bd-e804-4d73-ac03-59619c2e32e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37538", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-37538.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "57509cd2-1f96-43e2-a8a6-ef287d959118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37538", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lyqof7wl372w", "content": "", "creation_timestamp": "2025-09-13T21:02:27.058678Z"}, {"uuid": "63c23914-58ae-4847-bc70-e64cd2ba9505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37535", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/333", "content": "Top Security News for 25/05/2023\n\nN. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware\nhttps://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html \n\nHyatt\u2019s CISO, Intel Briefing, &amp; Third-Party Risk Management with Cyber GRX\nhttps://thecyberwire.com/podcasts/rh-isac/28/notes \n\nIranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware\nhttps://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html \n\nLegion Malware Upgraded to Target SSH Servers and AWS Credentials\nhttps://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html \n\nWhat if we had the SockPuppet vulnerability in iOS 16? - Apple Security Research\nhttps://www.reddit.com/r/netsec/comments/13qgujz/what_if_we_had_the_sockpuppet_vulnerability_in/ \n\nExploring P4 Protocol: Usage, Implementation, and CVE-2021-37535\nhttps://www.reddit.com/r/netsec/comments/13qt3l9/exploring_p4_protocol_usage_implementation_and/ \n\nGitHub - avilum/secimport: seccomp Python sandbox, powered by eBPF and Dtrace\nhttps://www.reddit.com/r/netsec/comments/13qfd5x/github_avilumsecimport_seccomp_python_sandbox/ \n\nObsidian ORB Ransomware Demands Gift Cards as Payment\nhttps://malware.news/t/obsidian-orb-ransomware-demands-gift-cards-as-payment/69886#post_1 \n\nCyber Attacks Strike Ukraine's State Bodies in Espionage Operation\nhttps://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html \n\nBlackCat Ransomware Takes Control With New Kernel Driver\nhttps://packetstormsecurity.com/news/view/34651/BlackCat-Ransomware-Takes-Control-With-New-Kernel-Driver.html \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-05-25T07:00:04.000000Z"}, {"uuid": "721dbddc-5e82-44ce-aa2f-6a37637b5354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3753", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5977", "content": "|       CVE-2021-3569   2.1     https://vulners.com/cve/CVE-2021-3569\n|       CVE-2021-3527   2.1     https://vulners.com/cve/CVE-2021-3527                               |       CVE-2021-3446   2.1     https://vulners.com/cve/CVE-2021-3446                               |       CVE-2021-3416   2.1     https://vulners.com/cve/CVE-2021-3416                               |       CVE-2021-20320  2.1     https://vulners.com/cve/CVE-2021-20320\n|       CVE-2021-20297  2.1     https://vulners.com/cve/CVE-2021-20297                              |       CVE-2021-20257  2.1     https://vulners.com/cve/CVE-2021-20257                              |       CVE-2021-20239  2.1     https://vulners.com/cve/CVE-2021-20239                              |       CVE-2021-20221  2.1     https://vulners.com/cve/CVE-2021-20221\n|       CVE-2020-25743  2.1     https://vulners.com/cve/CVE-2020-25743\n|       CVE-2020-12458  2.1     https://vulners.com/cve/CVE-2020-12458\n|       CVE-2020-10756  2.1     https://vulners.com/cve/CVE-2020-10756\n|       CVE-2019-18391  2.1     https://vulners.com/cve/CVE-2019-18391\n|       CVE-2019-14826  2.1     https://vulners.com/cve/CVE-2019-14826\n|       CVE-2019-13313  2.1     https://vulners.com/cve/CVE-2019-13313                              |       CVE-2019-12067  2.1     https://vulners.com/cve/CVE-2019-12067                              |       CVE-2019-11884  2.1     https://vulners.com/cve/CVE-2019-11884                              |       CVE-2019-11833  2.1     https://vulners.com/cve/CVE-2019-11833                              |       CVE-2019-11135  2.1     https://vulners.com/cve/CVE-2019-11135                              |       CVE-2019-10183  2.1     https://vulners.com/cve/CVE-2019-10183                              |       CVE-2018-16878  2.1     https://vulners.com/cve/CVE-2018-16878                              |       CVE-2004-0554   2.1     https://vulners.com/cve/CVE-2004-0554                               |       1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    2.1       https://vulners.com/githubexploit/1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C    *EXPLOIT*\n|       CVE-2023-1289   1.9     https://vulners.com/cve/CVE-2023-1289\n|       CVE-2022-25310  1.9     https://vulners.com/cve/CVE-2022-25310                              |       CVE-2022-25309  1.9     https://vulners.com/cve/CVE-2022-25309                              |       CVE-2021-4217   1.9     https://vulners.com/cve/CVE-2021-4217                               |       CVE-2021-3753   1.9     https://vulners.com/cve/CVE-2021-3753                               |       CVE-2021-3602   1.9     https://vulners.com/cve/CVE-2021-3602                               |       CVE-2020-25656  1.9     https://vulners.com/cve/CVE-2020-25656                              |       CVE-2019-2634   1.9     https://vulners.com/cve/CVE-2019-2634                               |       CVE-2019-2535   1.9     https://vulners.com/cve/CVE-2019-2535                               |       CVE-2019-18660  1.9     https://vulners.com/cve/CVE-2019-18660\n|       PRION:CVE-2023-22024    1.7     https://vulners.com/prion/PRION:CVE-2023-22024\n|       CVE-2023-3161   1.7     https://vulners.com/cve/CVE-2023-3161\n|       CVE-2023-28328  1.7     https://vulners.com/cve/CVE-2023-28328\n|       CVE-2023-28327  1.7     https://vulners.com/cve/CVE-2023-28327\n|       CVE-2023-2700   1.7     https://vulners.com/cve/CVE-2023-2700\n|       CVE-2023-2602   1.7     https://vulners.com/cve/CVE-2023-2602\n|       CVE-2023-1981   1.7     https://vulners.com/cve/CVE-2023-1981\n|       CVE-2023-1095   1.7     https://vulners.com/cve/CVE-2023-1095                               |       CVE-2022-2153   1.7     https://vulners.com/cve/CVE-2022-2153\n|       CVE-2022-1263   1.7     https://vulners.com/cve/CVE-2022-1263", "creation_timestamp": "2023-11-15T16:53:03.000000Z"}, {"uuid": "461bf565-147d-46d2-9abb-5926255f9fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37538", "type": "seen", "source": "https://t.me/arpsyndicate/2837", "content": "#ExploitObserverAlert\n\nCVE-2021-37538\n\nDESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37538. Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.\n\nFIRST-EPSS: 0.028190000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T07:48:45.000000Z"}, {"uuid": "d7afdd1e-9a36-4721-99b5-da775c6fd677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37533", "type": "seen", "source": "https://t.me/ctinow/181898", "content": "https://ift.tt/gPlOwvN\nCVE-2021-37533 | Oracle Middleware Common Libraries and Tools 12.2.1.4.0 Third Party information disclosure", "creation_timestamp": "2024-02-09T09:16:20.000000Z"}, {"uuid": "fe30eac5-853e-4b8d-80d2-bd16bc8e8949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37535", "type": "seen", "source": "https://t.me/true_secator/2111", "content": "\u200b\u200b\u041e\u0442\u043b\u0438\u0447\u0438\u043b\u0441\u044f \u0438 \u043d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a SAP, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 17 \u043d\u043e\u0432\u044b\u0445 \u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0432 2 \u043f\u0440\u0435\u0436\u043d\u0438\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c 7 \u0438\u0437 \u043d\u0438\u0445 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n \n\u0421\u0430\u043c\u043e\u0435 \u0432\u0430\u0436\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 SAP NetWeaver Application Server \u0434\u043b\u044f Java. CVE-2021-37535 \u0438\u043c\u0435\u0435\u0442 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e CVSS. \u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Hot News \u0434\u043b\u044f NetWeaver (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,9): CVE-2021-38163 (\u043e\u0448\u0438\u0431\u043a\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 Visual Composer 7.0 RT) \u0438 CVE-2021-37531 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u043d\u0430\u043d\u0438\u044f\u043c\u0438). \u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u043b\u0438\u0448\u044c \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n \n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-38176 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,9) \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0435 \u0432\u0432\u043e\u0434\u0430 \u0432 25 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u043e\u0434\u0443\u043b\u044f\u0445 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 RFC, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n \n\u0415\u0449\u0435 \u043e\u0434\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Hot News \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043e\u0442\u0440\u0430\u0436\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS) \u0432 \u043a\u043e\u043d\u0442\u0430\u043a\u0442-\u0446\u0435\u043d\u0442\u0440\u0435 SAP. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CVE-2021-33672, CVE-2021-33673, CVE-2021-33674 \u0438 CVE-2021-33675 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,6.\n \n\u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 SAP \u0442\u0443\u0434\u0430 \u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 2 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u043a \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 10: \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Chromium \u0432 Business Client, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 Business One.\n \n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 SAP 2021 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043f\u0430\u043b\u0438 2 \u0432\u044b\u0441\u043e\u043a\u043e\u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f CVE-2021-38162 \u0432 Web Dispatcher \u0438 CVE-2021-38177 \u0432 CommonCryptoLib.\n \n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 SAP \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 Analysis \u0434\u043b\u044f Microsoft Office, Business Client, Business One, BusinessObjects, ERP Financial Accounting, NetWeaver \u0438 3D Visual Enterprise Viewer.\n \n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043d\u0435\u043c\u0435\u0446\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 - \u0432 \u0440\u0430\u0431\u043e\u0442\u0443.", "creation_timestamp": "2021-09-16T15:55:40.000000Z"}, {"uuid": "ec2562cd-0e39-4b7b-8197-6096b5a28651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37531", "type": "seen", "source": "https://t.me/true_secator/2111", "content": "\u200b\u200b\u041e\u0442\u043b\u0438\u0447\u0438\u043b\u0441\u044f \u0438 \u043d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a SAP, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 17 \u043d\u043e\u0432\u044b\u0445 \u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0432 2 \u043f\u0440\u0435\u0436\u043d\u0438\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c 7 \u0438\u0437 \u043d\u0438\u0445 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n \n\u0421\u0430\u043c\u043e\u0435 \u0432\u0430\u0436\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 SAP NetWeaver Application Server \u0434\u043b\u044f Java. CVE-2021-37535 \u0438\u043c\u0435\u0435\u0442 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e CVSS. \u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Hot News \u0434\u043b\u044f NetWeaver (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,9): CVE-2021-38163 (\u043e\u0448\u0438\u0431\u043a\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 Visual Composer 7.0 RT) \u0438 CVE-2021-37531 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u043d\u0430\u043d\u0438\u044f\u043c\u0438). \u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u043b\u0438\u0448\u044c \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n \n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-38176 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,9) \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0435 \u0432\u0432\u043e\u0434\u0430 \u0432 25 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u043e\u0434\u0443\u043b\u044f\u0445 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 RFC, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n \n\u0415\u0449\u0435 \u043e\u0434\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Hot News \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u043e\u0442\u0440\u0430\u0436\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS) \u0432 \u043a\u043e\u043d\u0442\u0430\u043a\u0442-\u0446\u0435\u043d\u0442\u0440\u0435 SAP. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CVE-2021-33672, CVE-2021-33673, CVE-2021-33674 \u0438 CVE-2021-33675 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,6.\n \n\u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 SAP \u0442\u0443\u0434\u0430 \u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 2 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u043a \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 10: \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Chromium \u0432 Business Client, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 Business One.\n \n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 SAP 2021 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043f\u0430\u043b\u0438 2 \u0432\u044b\u0441\u043e\u043a\u043e\u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f CVE-2021-38162 \u0432 Web Dispatcher \u0438 CVE-2021-38177 \u0432 CommonCryptoLib.\n \n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 SAP \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 Analysis \u0434\u043b\u044f Microsoft Office, Business Client, Business One, BusinessObjects, ERP Financial Accounting, NetWeaver \u0438 3D Visual Enterprise Viewer.\n \n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043d\u0435\u043c\u0435\u0446\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 - \u0432 \u0440\u0430\u0431\u043e\u0442\u0443.", "creation_timestamp": "2021-09-16T15:55:40.000000Z"}, {"uuid": "03629eaa-c12f-4e8c-b7ad-ce42b6a5c4fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37533", "type": "seen", "source": "https://t.me/ctinow/180676", "content": "https://ift.tt/VTGPg7X\nCVE-2021-37533 | Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0 Order/Service Management information disclosure", "creation_timestamp": "2024-02-07T12:41:08.000000Z"}, {"uuid": "736d7f57-c1a0-4c08-ad2b-4f0249f76be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3753", "type": "seen", "source": "https://t.me/cibsecurity/37627", "content": "\u203c CVE-2021-3753 \u203c\n\nA race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T22:36:33.000000Z"}, {"uuid": "512b7f36-ba20-426f-b174-c2af2fbce01f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37533", "type": "seen", "source": "https://t.me/cibsecurity/53949", "content": "\u203c CVE-2021-37533 \u203c\n\nPrior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T18:37:57.000000Z"}, {"uuid": "96cda7ad-a15b-48d4-a8b2-5e981280edf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37538", "type": "seen", "source": "https://t.me/cibsecurity/27767", "content": "\u203c CVE-2021-37538 \u203c\n\nMultiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T16:23:27.000000Z"}, {"uuid": "950be269-e345-4637-8762-1e8d2189d93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37531", "type": "seen", "source": "https://t.me/cibsecurity/28810", "content": "\u203c CVE-2021-37531 \u203c\n\nSAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:22:07.000000Z"}, {"uuid": "ed7950e1-ebef-4ed5-8110-9914364a6680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37535", "type": "seen", "source": "https://t.me/cibsecurity/28799", "content": "\u203c CVE-2021-37535 \u203c\n\nSAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:21:52.000000Z"}, {"uuid": "293a2f7b-f555-4643-907c-695211726468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37532", "type": "seen", "source": "https://t.me/cibsecurity/28798", "content": "\u203c CVE-2021-37532 \u203c\n\nSAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-14T16:21:51.000000Z"}, {"uuid": "0080c681-37e4-421a-acc1-eaf447119cf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37530", "type": "seen", "source": "https://t.me/cibsecurity/35381", "content": "\u203c CVE-2021-37530 \u203c\n\nA denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T00:17:26.000000Z"}, {"uuid": "e8c08e9f-9e07-482e-95ec-d5f17f063cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37534", "type": "seen", "source": "https://t.me/cibsecurity/26491", "content": "\u203c CVE-2021-37534 \u203c\n\napp/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-26T18:11:22.000000Z"}, {"uuid": "63cb2161-2e1c-4437-8fd7-b1c5b85da885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37539", "type": "seen", "source": "https://t.me/cibsecurity/29486", "content": "\u203c CVE-2021-37539 \u203c\n\nZoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T18:35:08.000000Z"}]}