{"vulnerability": "CVE-2021-3890", "sightings": [{"uuid": "2a6834f6-79f9-413d-961d-046a05335020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38903", "type": "seen", "source": "https://t.me/cibsecurity/41335", "content": "\u203c CVE-2021-38903 \u203c\n\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:28:06.000000Z"}, {"uuid": "ecde9cf0-b502-4bda-9db9-bd514cb65e0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38904", "type": "seen", "source": "https://t.me/cibsecurity/41332", "content": "\u203c CVE-2021-38904 \u203c\n\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:28:03.000000Z"}, {"uuid": "34cd9b97-5e2e-4d67-9cc0-b35045183540", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38905", "type": "seen", "source": "https://t.me/cibsecurity/41330", "content": "\u203c CVE-2021-38905 \u203c\n\nIBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-22T20:27:58.000000Z"}, {"uuid": "3f26c02d-174d-4afe-8bf1-7cbfab4486a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38901", "type": "seen", "source": "https://t.me/cibsecurity/33884", "content": "\u203c CVE-2021-38901 \u203c\n\nIBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T22:12:22.000000Z"}, {"uuid": "205aae55-7501-49b6-ae96-22024731850c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38900", "type": "seen", "source": "https://t.me/cibsecurity/34467", "content": "\u203c CVE-2021-38900 \u203c\n\nIBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-21T22:13:49.000000Z"}, {"uuid": "de6e5a96-250c-441d-812c-39ec05212562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38909", "type": "seen", "source": "https://t.me/cibsecurity/33324", "content": "\u203c CVE-2021-38909 \u203c\n\nIBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-03T20:38:03.000000Z"}]}