{"vulnerability": "CVE-2021-3841", "sightings": [{"uuid": "c8180d2d-2240-4a14-9531-46933168066e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3841", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113486597740121927", "content": "", "creation_timestamp": "2024-11-15T10:54:16.795670Z"}, {"uuid": "de341149-cfb6-4ee4-af7b-fc6df48e041e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38410", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12259", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38410\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.\n\ud83d\udccf Published: 2022-07-27T20:23:04.000Z\n\ud83d\udccf Modified: 2025-04-17T15:49:43.702Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01\n2. https://www.aveva.com/en/support-and-success/cyber-security-updates/", "creation_timestamp": "2025-04-17T15:57:39.000000Z"}, {"uuid": "df8fc5a3-3111-4766-a893-407c3ea2ea4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38417", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12254", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-38417\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.\n\ud83d\udccf Published: 2022-07-27T20:20:43.000Z\n\ud83d\udccf Modified: 2025-04-17T15:50:29.866Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01", "creation_timestamp": "2025-04-17T15:57:31.000000Z"}, {"uuid": "a6b011f0-b512-4cbe-9b52-6625b1c64986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38417", "type": "seen", "source": "https://t.me/cibsecurity/47132", "content": "\u203c CVE-2021-38417 \u203c\n\nVISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T00:36:43.000000Z"}, {"uuid": "933e4639-c637-444b-9d8e-9ab5e5536726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38410", "type": "seen", "source": "https://t.me/cibsecurity/47127", "content": "\u203c CVE-2021-38410 \u203c\n\nAVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T00:36:39.000000Z"}, {"uuid": "3b3b7298-b5f9-4b24-b541-a2aea120583a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38411", "type": "seen", "source": "https://t.me/cibsecurity/31774", "content": "\u203c CVE-2021-38411 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:24.000000Z"}, {"uuid": "895a81ab-010a-42b4-b487-d5c568db9f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38415", "type": "seen", "source": "https://t.me/cibsecurity/34315", "content": "\u203c CVE-2021-38415 \u203c\n\nFuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-21T00:11:44.000000Z"}, {"uuid": "7acb7f25-b16a-4bd7-9310-dcd5f1094652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38416", "type": "seen", "source": "https://t.me/cibsecurity/31781", "content": "\u203c CVE-2021-38416 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:33.000000Z"}, {"uuid": "32dcac9a-5da2-44f0-9253-b616bee9c687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38418", "type": "seen", "source": "https://t.me/cibsecurity/31792", "content": "\u203c CVE-2021-38418 \u203c\n\nDelta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T23:23:50.000000Z"}, {"uuid": "7c56729b-7081-4a12-b29b-2ab5147d2779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38412", "type": "seen", "source": "https://t.me/cibsecurity/29080", "content": "\u203c CVE-2021-38412 \u203c\n\nProperly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-18T00:23:35.000000Z"}]}