{"vulnerability": "CVE-2021-4130", "sightings": [{"uuid": "a1f49701-d6c0-47ec-8647-1c6e7f98a9f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4130", "type": "seen", "source": "https://t.me/cibsecurity/34240", "content": "\u203c CVE-2021-4130 \u203c\n\nsnipe-it is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-18T07:38:07.000000Z"}, {"uuid": "15661575-b854-41c9-81c1-bd43c06352ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41303", "type": "seen", "source": "https://t.me/cibsecurity/29027", "content": "\u203c CVE-2021-41303 \u203c\n\nApache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-17T12:23:21.000000Z"}, {"uuid": "e006d1e6-5e01-4145-a4af-fc82efc234a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41301", "type": "seen", "source": "https://t.me/cibsecurity/29709", "content": "\u203c CVE-2021-41301 \u203c\n\nECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. 
This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T14:37:59.000000Z"}, {"uuid": "bda1b4c7-7b60-41b3-97e9-986eac86c1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41300", "type": "seen", "source": "https://t.me/cibsecurity/29705", "content": "\u203c CVE-2021-41300 \u203c\n\nECOA BAS controller\u2019s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T14:37:56.000000Z"}, {"uuid": "99199e5d-d686-4ca1-9325-9e5abe3e511d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41302", "type": "seen", "source": "https://t.me/cibsecurity/29703", "content": "\u203c CVE-2021-41302 \u203c\n\nECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user\u2019s privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-30T14:37:54.000000Z"}]}