{"vulnerability": "CVE-2021-4017", "sightings": [{"uuid": "49bce228-68bf-4577-9084-f8d399656924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4017", "type": "seen", "source": "https://t.me/cibsecurity/33179", "content": "\u203c CVE-2021-4017 \u203c\n\nshowdoc is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T14:35:38.000000Z"}, {"uuid": "c74d7c0c-c0b8-4013-9647-69753af5d876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40175", "type": "seen", "source": "https://t.me/cibsecurity/35336", "content": "\u203c CVE-2021-44651 \u203c\n\nZoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T18:17:06.000000Z"}, {"uuid": "24c3e806-7381-4405-a41d-6d2f18aa071a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40175", "type": "seen", "source": "https://t.me/cibsecurity/27985", "content": "\u203c CVE-2021-40175 \u203c\n\nZoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:19.000000Z"}, {"uuid": "36e65c17-2e78-409e-9db7-9cfb8d9262ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40178", "type": "seen", "source": "https://t.me/cibsecurity/27988", "content": "\u203c CVE-2021-40178 \u203c\n\nZoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:22.000000Z"}, {"uuid": "5253ad80-b2c8-4e1e-82e8-ddcc24b3fbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40172", "type": "seen", "source": "https://t.me/cibsecurity/27984", "content": "\u203c CVE-2021-40172 \u203c\n\nZoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:18.000000Z"}, {"uuid": "4f364310-5635-4d25-8f63-8d1a3b8996d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40176", "type": "seen", "source": "https://t.me/cibsecurity/27983", "content": "\u203c CVE-2021-40176 \u203c\n\nZoho ManageEngine Log360 before Build 5225 allows stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:17.000000Z"}, {"uuid": "e24becea-9897-4466-b110-69717d410b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40177", "type": "seen", "source": "https://t.me/cibsecurity/27986", "content": "\u203c CVE-2021-40177 \u203c\n\nZoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:20.000000Z"}, {"uuid": "0d7b79ef-1adb-4e91-94db-eed4bb92001e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40173", "type": "seen", "source": "https://t.me/cibsecurity/27987", "content": "\u203c CVE-2021-40173 \u203c\n\nZoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:21.000000Z"}, {"uuid": "5daae954-0d8b-4577-bad9-5947e392543e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40174", "type": "seen", "source": "https://t.me/cibsecurity/27989", "content": "\u203c CVE-2021-40174 \u203c\n\nZoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T00:31:23.000000Z"}]}