{"vulnerability": "CVE-2021-40327", "sightings": [{"uuid": "71e1aa08-345e-4626-9fc1-07d54ea71755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40327", "type": "seen", "source": "https://t.me/cibsecurity/35417", "content": "\u203c CVE-2021-40327 \u203c\n\nTrusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T18:18:34.000000Z"}]}