{"vulnerability": "CVE-2021-4033", "sightings": [{"uuid": "8d6b7a85-a67d-47d7-9cd1-3eae7d4e686a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40331", "type": "seen", "source": "https://t.me/cibsecurity/63354", "content": "\u203c CVE-2021-40331 \u203c\n\nAn Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabledThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T12:24:15.000000Z"}, {"uuid": "c1b91731-16a2-49ad-8194-1405989c4028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40337", "type": "seen", "source": "https://t.me/cibsecurity/36263", "content": "\u203c CVE-2021-40337 \u203c\n\nCross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-25T22:19:00.000000Z"}, {"uuid": "28fae4de-ad01-4617-89c5-fd949129ef9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40335", "type": "seen", "source": "https://t.me/cibsecurity/46910", "content": "\u203c CVE-2021-40335 \u203c\n\nA vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T18:33:10.000000Z"}, {"uuid": "d16d112f-a3af-4638-b96a-abb113cf0315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40333", "type": "seen", "source": "https://t.me/cibsecurity/33283", "content": "\u203c CVE-2021-40333 \u203c\n\nWeak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T22:36:55.000000Z"}, {"uuid": "0f492011-811e-44bb-a14e-68773624dd14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40334", "type": "seen", "source": "https://t.me/cibsecurity/33282", "content": "\u203c CVE-2021-40334 \u203c\n\nMissing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-02T22:36:54.000000Z"}, {"uuid": "a3719c74-3dac-4877-bb8a-fd6e46db3608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40330", "type": "seen", "source": "https://t.me/cibsecurity/28059", "content": "\u203c CVE-2021-40330 \u203c\n\ngit_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T07:33:04.000000Z"}]}