{"vulnerability": "CVE-2021-3907", "sightings": [{"uuid": "6fd6802a-2561-47ed-94c6-12c6f78e4582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39074", "type": "seen", "source": "https://t.me/cibsecurity/45372", "content": "\u203c CVE-2021-39074 \u203c\n\nIBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-29T20:37:43.000000Z"}, {"uuid": "491048ab-00e4-4251-bc65-a6c1c9ce2329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39072", "type": "seen", "source": "https://t.me/cibsecurity/41101", "content": "\u203c CVE-2021-39072 \u203c\n\nIBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-19T20:24:29.000000Z"}, {"uuid": "2c8aac89-edc5-4690-8677-16e531a8c6af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39079", "type": "seen", "source": "https://t.me/cibsecurity/37437", "content": "\u203c CVE-2021-39079 \u203c\n\nIBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-14T20:32:57.000000Z"}, {"uuid": "649e7de6-413a-42d4-bd30-00baf65e3ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39078", "type": "seen", "source": "https://t.me/cibsecurity/41107", "content": "\u203c CVE-2021-39078 \u203c\n\nIBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-19T20:24:35.000000Z"}, {"uuid": "730cab1a-0b22-4610-acef-1c85467f733a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39076", "type": "seen", "source": "https://t.me/cibsecurity/41106", "content": "\u203c CVE-2021-39076 \u203c\n\nIBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-19T20:24:35.000000Z"}, {"uuid": "d9b20dea-b5fb-4999-bf4e-02b8ca357e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39070", "type": "seen", "source": "https://t.me/cibsecurity/36703", "content": "\u203c CVE-2021-39070 \u203c\n\nIBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:32.000000Z"}, {"uuid": "c5b87549-4366-40c7-b04d-56b7bef8aefa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3907", "type": "seen", "source": "https://t.me/cibsecurity/32263", "content": "\u203c CVE-2021-3907 \u203c\n\nOctoRPKI does not escape a URI with a filename containing \"..\", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T00:38:07.000000Z"}]}