{"vulnerability": "CVE-2021-39144", "sightings": [{"uuid": "5cf7b98a-6b02-4213-8d05-1a58488b2ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "8add757b-89eb-490c-b316-044e0fd9fd01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39144.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "045673f0-3a0e-4f80-9564-d756463bfdb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971776", "content": "", "creation_timestamp": "2024-12-24T20:33:55.541946Z"}, {"uuid": "0e59c55c-9e1a-4b94-94d8-f637777d78ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "8a9b9136-9ace-4809-a92e-9cf743024eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "7fe03638-6908-4ad4-89ac-24c38148c4d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2024-11-08)", "content": "", "creation_timestamp": "2024-11-08T00:00:00.000000Z"}, {"uuid": "5a6ae6df-7489-444e-9fe1-17d643588f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "044deb31-3874-42a3-8810-ca118a9e5143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:39.000000Z"}, {"uuid": "973ed8b1-ded6-413d-b4d3-841cb9068368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-25)", "content": "", "creation_timestamp": "2025-03-25T00:00:00.000000Z"}, {"uuid": "0ce865c6-8c08-40fb-b0b9-8920d5ac6da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "57da0c7c-0c19-4e78-8a0c-960fb336f1d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-18)", "content": "", "creation_timestamp": "2025-03-18T00:00:00.000000Z"}, {"uuid": "cf8d1724-7460-4650-9914-6aec802c3b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "e7fad09a-9aaf-4e26-b0ba-8c2e450d07d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-28)", "content": "", "creation_timestamp": "2025-05-28T00:00:00.000000Z"}, {"uuid": "3e4f045c-45a9-4c6a-ad7c-c5f82a92944d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:31.000000Z"}, {"uuid": "b1d0b0fe-9d2a-4c95-aefb-014b9855a2d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-02)", "content": "", "creation_timestamp": "2025-06-02T00:00:00.000000Z"}, {"uuid": "2a2b9d93-5160-49cf-86ea-c1c13c69b2f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-20)", "content": "", "creation_timestamp": "2025-04-20T00:00:00.000000Z"}, {"uuid": "d63660a4-1a8c-40f6-9a83-fcbceed1a8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "0a562dae-2d74-4d00-b55c-2c8ada5db045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-03)", "content": "", "creation_timestamp": "2025-05-03T00:00:00.000000Z"}, {"uuid": "00b5a16d-6bc3-4688-bfa3-7a8da4a7c349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-22)", "content": "", "creation_timestamp": "2025-05-22T00:00:00.000000Z"}, {"uuid": "03ec67cd-b7c9-497a-99ca-1f2e89c397d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-05)", "content": "", "creation_timestamp": "2025-09-05T00:00:00.000000Z"}, {"uuid": "b622f8fe-5bc9-4c7d-b929-2f8b35f0087e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-27)", "content": "", "creation_timestamp": "2025-09-27T00:00:00.000000Z"}, {"uuid": "6c8902a9-b4bb-43ec-adf2-a71c8e252e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb", "content": "", "creation_timestamp": "2022-11-15T13:38:18.000000Z"}, {"uuid": "e7dd6e43-8376-4328-95ca-9e9e76062a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-24)", "content": "", "creation_timestamp": "2025-08-24T00:00:00.000000Z"}, {"uuid": "1ba0b1de-0db3-4498-95ff-263a43f85e37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-25)", "content": "", "creation_timestamp": "2025-08-25T00:00:00.000000Z"}, {"uuid": "5a394292-9d1c-4b42-ac41-24a53f736097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-20)", "content": "", "creation_timestamp": "2025-09-20T00:00:00.000000Z"}, {"uuid": "9a7d8060-1304-4db8-aed1-1f5c8ba448b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-30)", "content": "", "creation_timestamp": "2025-11-30T00:00:00.000000Z"}, {"uuid": "3780990a-3eaa-49f9-a8be-b0547167a1e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "0c1c54ac-8b22-4497-97bc-aca2ce851dee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-04)", "content": "", "creation_timestamp": "2025-10-04T00:00:00.000000Z"}, {"uuid": "a69295b1-2c77-41c3-a809-41db2e51272b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-10)", "content": "", "creation_timestamp": "2025-10-10T00:00:00.000000Z"}, {"uuid": "398b889c-d2b7-4287-a3fb-6cecfe7d1070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-18)", "content": "", "creation_timestamp": "2025-09-18T00:00:00.000000Z"}, {"uuid": "c73cbd12-951a-465e-a8ba-06ee1eb21368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-12)", "content": "", "creation_timestamp": "2025-12-12T00:00:00.000000Z"}, {"uuid": "b1658127-43e5-4bb5-a708-38f0a2acb3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-39144", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ee560bf5-02e3-42fc-98df-db54163a8b91", "content": "", "creation_timestamp": "2026-02-02T12:27:03.924592Z"}, {"uuid": "71d4e4ea-3760-4f40-a381-524386818e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-31)", "content": "", "creation_timestamp": "2025-12-31T00:00:00.000000Z"}, {"uuid": "595c2466-84e0-4a2c-a29a-bbe6721de625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-19)", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "135f4a9f-ab71-44ac-8f61-2f5403eea9de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-17)", "content": "", "creation_timestamp": "2025-12-17T00:00:00.000000Z"}, {"uuid": "7a335b99-493f-4edc-9465-00d6f578cb69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-27)", "content": "", "creation_timestamp": "2025-12-27T00:00:00.000000Z"}, {"uuid": "0856f230-e9e3-4178-be7b-fb78df6a675f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-07)", "content": "", "creation_timestamp": "2026-01-07T00:00:00.000000Z"}, {"uuid": "103269cd-0ea0-4d91-b7b9-f9bbdf11f524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-23)", "content": "", "creation_timestamp": "2026-01-23T00:00:00.000000Z"}, {"uuid": "ebf82bb1-29c9-4426-bf71-1dcd81e14893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=903", "content": "", "creation_timestamp": "2022-10-26T04:00:00.000000Z"}, {"uuid": "d03f32fd-6952-4488-b70b-c53bc7ed1bfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-05)", "content": "", "creation_timestamp": "2026-04-05T00:00:00.000000Z"}, {"uuid": "b5e36de1-e7da-4f58-80f0-0c831da52549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/379", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aXSTREAM&lt;=1.4.17\u6f0f\u6d1e\u590d\u73b0\uff08CVE-2021-39141\u3001CVE-2021-39144\u3001CVE-2021-39150\uff09\nURL\uff1ahttps://github.com/zwjjustdoit/Xstream-1.4.17", "creation_timestamp": "2021-08-24T06:17:39.000000Z"}, {"uuid": "d13a7faa-1092-4179-8bcb-a86b11e3d9ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2543", "content": "#news \n#exploit \n#poc\n\n\u0412 \u0441\u0435\u0442\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VMware Cloud Foundation\n\n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-39144, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u0443\u044e \u043e\u0431\u043b\u0430\u0447\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 VMware Cloud Foundation \u0438 NSX Manager. \u0422\u0430\u043a \u043a\u0430\u043a \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0431\u0430\u0433 \u043f\u043e\u043b\u0443\u0447\u0438\u043b 9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVSS, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043a\u043e\u0440\u0435\u0439\u0448\u0435\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0430\u0442\u0447\u0435\u0439.\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a: https://xakep.ru/2022/10/31/cloud-foundation-poc/", "creation_timestamp": "2022-10-31T17:11:47.000000Z"}, {"uuid": "ae7e1772-ce32-4721-ab26-ce05ecee1d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-09)", "content": "", "creation_timestamp": "2026-04-09T00:00:00.000000Z"}, {"uuid": "0a45843b-4553-4650-9bf7-bcc95468ba48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/itsec_news/1627", "content": "\u200b\u2694\ufe0f VMware \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Cloud Foundation.\n\n\ud83d\udcac \u0412\u0447\u0435\u0440\u0430 VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 VMware Cloud Foundation, \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2021-39144 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XStream, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 Cloud Foundation, \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 9,8 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u0415\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0432 \u0445\u043e\u0434\u0435 \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0412 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 XStream \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 VMware Cloud Foundation. \u0422\u0430\u043a \u043a\u0430\u043a \u0431\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f, VMware \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0442\u0430\u043b\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 CVE-2021-39144 \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430. \u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u044d\u0442\u043e \u0434\u043e\u043b\u0436\u043d\u043e \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b.\n\n\u0412 \u0442\u043e\u043c \u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-31678. \u0415\u0451 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u043b\u0438\u0447\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 XEE-\u0430\u0442\u0430\u043a\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0430\u0442\u0447\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u2013 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0432\u043e\u0439\u0442\u0438 \u0432 \u043a\u0430\u0436\u0434\u0443\u044e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443 NSX-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 SDDC \u0432 \u0441\u0440\u0435\u0434\u0435 Cloud Foundation. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043e\u043d\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u0435\u0436\u0438\u0439 \u043f\u0430\u0442\u0447 NSX \u0434\u043b\u044f vSphere, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19, \u0447\u0442\u043e \u0437\u0430\u043a\u0440\u043e\u0435\u0442 \u0431\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435.\n\n#VMware #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #CloudFoundation\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-07-12T06:07:44.000000Z"}, {"uuid": "82702a33-654c-4f2c-8e43-4d462ded4695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "exploited", "source": "https://t.me/itsec_news/2346", "content": "\u200b\u26a1\ufe0f CISA \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 VMware \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\ud83d\udcac \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e CISA \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 VMware Cloud Foundation \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (KEV).\n\nRCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-39144 (CVSS: 9.8 \u043f\u043e \u043e\u0446\u0435\u043d\u043a\u0435 VMware) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XStream, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 Cloud Foundation. \u0415\u0439 \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0445\u0430\u043a\u0435\u0440\u044b \u0432 \u0445\u043e\u0434\u0435 \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 root-\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. VMware \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u044d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a , \u0438 \u0432 \u0434\u0435\u043d\u044c \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u043a\u043e\u0434 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438.\n\nCISA \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-39144 \u0432 KEV \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a VMware \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430 , \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. 6 \u043c\u0430\u0440\u0442\u0430 \u0418\u0411-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Wallarm \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 , \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2021-39144 \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 2 \u043c\u0435\u0441\u044f\u0446\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0431\u043e\u043b\u0435\u0435 40 000 \u0440\u0430\u0437. \u0410\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c 8 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Wallarm \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043a\u0430\u0442\u0430\u0441\u0442\u0440\u043e\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u2013 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439. CISA \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044f\u0437\u0430\u043b\u0430 \u0444\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u044b\u0435 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u0421\u0428\u0410 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0442 \u0430\u0442\u0430\u043a \u0434\u043e 31 \u043c\u0430\u0440\u0442\u0430.\n\n#CISA #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-03-11T12:52:00.000000Z"}, {"uuid": "8edd7be3-f81c-47ba-a39d-dda1d9d1801f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/JerusalemElectronicArmy/199", "content": "#\u0627\u062e\u0628\u0627\u0631_\u0633\u0627\u064a\u0628\u0631 \n\u0623\u0636\u0627\u0641\u062a CISA \u062b\u063a\u0631\u0629  VMware Cloud Foundation \u0625\u0644\u0649 \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0646\u0634\u0637\u0629 \u0627\u0644\u0645\u0633\u062a\u063a\u0644\u0629 \u0645\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \n\n \u064a\u062a\u0645 \u062a\u062a\u0628\u0639 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0627\u0644\u0631\u0642\u0645 CVE-2021-39144 \u0648\u062a\u0642\u064a\u064a\u0645 9.8/10", "creation_timestamp": "2023-03-11T11:28:20.000000Z"}, {"uuid": "4c0848e6-b62f-41c2-8780-5ae78a1ddf72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/kasperskyb2b/511", "content": "\ud83d\udde3\u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438:\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c OneNote \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 Microsoft \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0443\u0441\u0438\u043b\u0435\u043d\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 OneNote-\u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0430\u043f\u0440\u0435\u043b\u044f. \u0415\u0441\u043b\u0438 \u043d\u0435 \u0436\u0435\u043b\u0430\u0435\u0442\u0435 \u0436\u0434\u0430\u0442\u044c \u043c\u0438\u043b\u043e\u0441\u0442\u0435\u0439 \u043e\u0442 \u043f\u0440\u0438\u0440\u043e\u0434\u044b \u0420\u0435\u0434\u043c\u043e\u043d\u0434\u0430, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u044f OneNote \u0446\u0435\u043b\u0438\u043a\u043e\u043c \u0438\u043b\u0438 \u043f\u043e \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f\u043c \u043c\u043e\u0436\u043d\u043e \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u0438\u0442\u0438\u043a Microsoft 365.\n\n\u2705 Github \u0432\u0432\u043e\u0434\u0438\u0442 c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0435\u0433\u043e \u0434\u043d\u044f \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u0443\u044e 2FA \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432. \u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c \u0442\u0430\u043a\u0436\u0435, \u0447\u0442\u043e \u0441 1 \u043c\u0430\u0440\u0442\u0430 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u043e\u0445\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Jenkins (CVE-2023-27898, 27899, 27905) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.  \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c Jenkins / Jenkins LTS, \u0430 \u0442\u0430\u043a\u0436\u0435 update-center2.\n\n\u0421\u0440\u043e\u0447\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f FortiOS \u0438 FortiProxy \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 buffer underflow, \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 FortiGate \u0438 FortiWiFi (CVE-2023-25610, CVSS 9.3).\n\n\u0421\u0442\u0430\u0440\u044b\u0435, \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 VMWare Cloud Foundation (CVE-2021-39144, CVSS 9.8) \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u0421\u0442\u043e\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0430\u0442\u0447\u0438 \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u044b. \n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u0439  Veeam Backup &amp; Replication \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438, \u043a\u0430\u043a \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u2014 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CVE-2023-27532, CVSS 7.5). \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a TCP \u043f\u043e\u0440\u0442\u0443 9401 \u043d\u0430 backup-\u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u27a1\ufe0f \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Kaspersky ICS \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u0437\u043e\u0440 \u043b\u0430\u043d\u0434\u0448\u0430\u0444\u0442\u0430 \u0443\u0433\u0440\u043e\u0437 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u2014 \u0432 \u0420\u0424 \u0447\u0430\u0449\u0435 \u0441\u0442\u0430\u043b\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0442\u044c\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0437 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438, \u0438\u043d\u0436\u0438\u043d\u0438\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u044f.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442", "creation_timestamp": "2023-03-13T09:03:22.000000Z"}, {"uuid": "4bf218b5-3367-4eac-8739-68416748079a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/72471", "content": "VMware warns of the public availability of CVE-2021-39144 exploit code\n\nhttps://ift.tt/EZg1MfB", "creation_timestamp": "2022-10-31T22:56:42.000000Z"}, {"uuid": "02ee4390-3b99-43bc-a37b-fcaf5f573e3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/arpsyndicate/1227", "content": "#ExploitObserverAlert\n\nCVE-2021-39144\n\nDESCRIPTION: Exploit Observer has 29 entries related to CVE-2021-39144. XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\nFIRST-EPSS: 0.962720000\nNVD-IS: 6.0\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T14:30:06.000000Z"}, {"uuid": "f372c241-ee1c-4917-a141-5fa98c018224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/true_secator/3619", "content": "VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Cloud Foundation, \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438\u043b\u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445.\n\nCVE-2021-39144 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c XStream \u0438 \u0438\u043c\u0435\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u0443\u044e \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 CVSSv3 9,8/10, \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u043d\u0443\u044e VMware.\n\n\u041e \u043d\u0435\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0421\u0438\u043d\u0430 \u0425\u0435\u0439\u0440\u043a\u0445 \u0438 \u0421\u0442\u0438\u0432\u0435\u043d \u0421\u0438\u043b\u0438 \u0438\u0437 Source Incite.\n\n\u0418\u0437-\u0437\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 XStream \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u0430 \u0432 VMware Cloud Foundation (NSX-V), \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u00abroot\u00bb \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432 \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f CVE-2021-39144 VMware \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0441 \u0438\u0441\u0442\u0435\u043a\u0448\u0438\u043c \u0441\u0440\u043e\u043a\u043e\u043c\u00a0\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-31678, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 XML (XXE).\n\nVMware \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043e\u00a0\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435\u00a0\u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0445\u043e\u0434 \u0432 \u043a\u0430\u0436\u0434\u0443\u044e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443 \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 SDDC \u0432 \u0441\u0432\u043e\u0435\u0439 \u0441\u0440\u0435\u0434\u0435 Cloud Foundation \u0434\u043b\u044f \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f NSX \u0434\u043b\u044f vSphere (NSX-V), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 XStream \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.19.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0441\u0435\u0445 \u0448\u0430\u0433\u043e\u0432 \u043a\u0430\u0436\u0434\u044b\u0439 \u0440\u0430\u0437, \u043a\u043e\u0433\u0434\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u044b\u0439 \u0434\u043e\u043c\u0435\u043d \u0440\u0430\u0431\u043e\u0447\u0435\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 VI.", "creation_timestamp": "2022-10-26T13:20:03.000000Z"}, {"uuid": "142619e0-770c-47f5-bf5f-1535c5d15007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "Telegram/rTFtZQ2PDDyyueDMAX7-LGdZBvsDBd1oNKrnE_JULGtl3Io", "content": "", "creation_timestamp": "2023-01-02T12:53:30.000000Z"}, {"uuid": "7b48a1c1-4452-4a03-99f3-ea6d38935fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/582", "content": "CVE-2021-39144 : VMware Cloud Foundation (NSX-V) 3.11- Unauthenticated Remote Code Execution Vulnerability via XStream\nhttps://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE", "creation_timestamp": "2022-11-14T09:30:15.000000Z"}, {"uuid": "014e1928-5385-4f4a-ab11-4cbf92d70728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/professional_c_h/1834", "content": "VMware has released security updates to address a critical RCE vulnerability (CVE-2021-39144) affecting the VMware Cloud Foundation product.\n\nSource : HackerNews", "creation_timestamp": "2022-11-15T09:52:57.000000Z"}, {"uuid": "31771fc8-b7d8-4277-850a-296074003f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/thehackernews/2700", "content": "VMware has released security updates to address a critical RCE vulnerability (CVE-2021-39144) affecting the VMware Cloud Foundation product.\n\nRead: https://thehackernews.com/2022/10/vmware-releases-patch-for-critical-rce.html", "creation_timestamp": "2022-10-26T10:16:51.000000Z"}, {"uuid": "fb523cd7-b7fb-43ba-ab80-6a756459f7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "https://t.me/cibsecurity/27713", "content": "\u203c CVE-2021-39144 \u203c\n\nXStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T22:23:29.000000Z"}, {"uuid": "d052a2b8-8ff9-412d-b2f6-02d49638f9b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/13147", "content": "\u0412 \u0441\u0435\u0442\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 VMware Cloud Foundation\n\n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-39144, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u0443\u044e \u043e\u0431\u043b\u0430\u0447\u043d\u0443\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 VMware Cloud Foundation \u0438 NSX Manager. \u0422\u0430\u043a \u043a\u0430\u043a \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0431\u0430\u0433 \u043f\u043e\u043b\u0443\u0447\u0438\u043b 9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVSS, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043a\u043e\u0440\u0435\u0439\u0448\u0435\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0430\u0442\u0447\u0435\u0439.\n\nhttps://xakep.ru/2022/10/31/cloud-foundation-poc/", "creation_timestamp": "2022-10-31T15:40:12.000000Z"}, {"uuid": "70f8f241-ba8e-454d-8542-8c7e5f143db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/330", "content": "https://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE\n#github", "creation_timestamp": "2022-11-03T15:39:56.000000Z"}, {"uuid": "5af6ca8a-8494-4f6e-9954-e036bb371311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/86", "content": "VMware-NSX-Manager-XStream\nVMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit\n\nCVE : CVE-2021-39144\n\n\ud83c\udf10Github\n\n#RemoteCode #Exploit #Php #Injection\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:23:51.000000Z"}, {"uuid": "edea99dc-23c7-4476-a2da-04b28d921a09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7085", "content": "#exploit\n1. CVE-2021-39144:\nVMware Cloud Foundation RCE vulnerability via XStream\nhttps://github.com/b3wT/CVE-2021-39144-XSTREAM-RCE\n\n2. CVE-2022-3236:\nSophos Firewall User Portal and Web Admin Code Injection\nhttps://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection", "creation_timestamp": "2022-11-01T11:01:02.000000Z"}, {"uuid": "d5c7d948-66fb-4dee-9126-57e81d413692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4283", "content": "CVE-2021-39144 ( VMware Cloud Foundation RCE vulnerability via XStream )\n\nGithub \n\n#RCE\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2022-11-01T10:36:43.000000Z"}, {"uuid": "7d0fe2bd-b8a9-4ef7-b4c9-73871ecdff54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39144", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-30)", "content": "", "creation_timestamp": "2026-04-30T00:00:00.000000Z"}]}