{"vulnerability": "CVE-2021-4284", "sightings": [{"uuid": "e7ec84f1-a278-4db0-b767-8c04b25d165a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42840", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50531", "content": "", "creation_timestamp": "2021-11-17T00:00:00.000000Z"}, {"uuid": "f87bcad3-cd20-4b59-9c43-d22c8fbca0f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42847", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "3a178b0a-ed14-47ac-a3fb-66dceb6eb9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42847", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"}, {"uuid": "24f9ea8f-66ea-4047-adb8-feca9b627981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42840", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "ca319f33-ef3b-46d5-b379-4d85053a69e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4284", "type": "seen", "source": "https://t.me/cibsecurity/55386", "content": "\u203c CVE-2021-4284 \u203c\n\nA vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T12:24:59.000000Z"}, {"uuid": "4efe6d2c-52d9-4c98-9438-99872c3d4ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42840", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"}, {"uuid": "29a60f0c-7aa0-467f-97db-20a0ba051e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42847", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_adaudit_plus_authenticated_rce.rb", "content": "", "creation_timestamp": "2023-05-08T18:49:17.000000Z"}, {"uuid": "bb5c9261-ca95-4bce-848d-b2495101af91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42847", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:12:59.000000Z"}, {"uuid": "a649a163-60ce-4ec5-8108-538e5542786b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42840", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/suitecrm_log_file_rce.rb", "content": "", "creation_timestamp": "2021-06-03T14:18:38.000000Z"}, {"uuid": "52fd0c7c-f829-4cbb-bbd2-0d44174d42a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42848", "type": "seen", "source": "https://t.me/cibsecurity/42934", "content": "\u203c CVE-2021-42848 \u203c\n\nAn information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T20:28:44.000000Z"}, {"uuid": "76142690-2074-4abe-8820-a43ff5c51e90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42847", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6968", "content": "#exploit\n1. Pwning ManageEngine - From Endpoint to Exploit\n]-> CVE-2020-11531, CVE-2020-11532:\nhttps://medium.com/@erik.wynter/pwning-manageengine-from-poc-to-exploit-cfe5adb8c175\n]-> CVE-2021-42847:\nhttps://medium.com/@erik.wynter/pwning-manageengine-from-endpoint-to-exploit-bc5793836fd\n\n2. pfSense Post Auth RCE\nhttps://ssd-disclosure.com/ssd-advisory-pfsense-post-auth-rce", "creation_timestamp": "2022-11-09T06:35:44.000000Z"}, {"uuid": "332cbdd9-cc28-41cf-a10a-c34ea3261c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42841", "type": "seen", "source": "https://t.me/cibsecurity/35084", "content": "\u203c CVE-2021-42841 \u203c\n\nInsta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-07T00:11:17.000000Z"}, {"uuid": "56b0455b-2ab0-45a7-96ee-6e5182c5208b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42840", "type": "seen", "source": "https://t.me/cibsecurity/31054", "content": "\u203c CVE-2021-42840 \u203c\n\nSuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T22:39:21.000000Z"}]}