{"vulnerability": "CVE-2021-3906", "sightings": [{"uuid": "82c6325d-9c08-4dfb-a936-50181fde4043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39066", "type": "seen", "source": "https://t.me/cibsecurity/36692", "content": "\u203c CVE-2021-39066 \u203c\n\nIBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:18.000000Z"}, {"uuid": "3e794909-29ff-4d61-907f-5cb80db91409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39068", "type": "seen", "source": "https://t.me/cibsecurity/40500", "content": "\u203c CVE-2021-39068 \u203c\n\nIBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-11T22:16:19.000000Z"}, {"uuid": "094ffb17-2b92-47d8-9451-015c9d3ae90d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3906", "type": "seen", "source": "https://t.me/cibsecurity/31338", "content": "\u203c CVE-2021-3906 \u203c\n\nbookstack is vulnerable to Unrestricted Upload of File with Dangerous Type\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T02:16:25.000000Z"}, {"uuid": "ccbc8756-e20d-4c72-88e0-2b8050361122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39063", "type": "seen", "source": "https://t.me/cibsecurity/33885", "content": "\u203c CVE-2021-39063 \u203c\n\nIBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T22:12:23.000000Z"}, {"uuid": "730bbfa7-0d89-4aac-9a42-52e30c4e1196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39064", "type": "seen", "source": "https://t.me/cibsecurity/33866", "content": "\u203c CVE-2021-39064 \u203c\n\nIBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T20:11:09.000000Z"}, {"uuid": "078febce-0906-4cce-88f4-64315c166e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39065", "type": "seen", "source": "https://t.me/cibsecurity/33869", "content": "\u203c CVE-2021-39065 \u203c\n\nIBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-13T20:11:12.000000Z"}]}