{"vulnerability": "CVE-2022-21215", "sightings": [{"uuid": "15fbb3a0-9ad4-45bd-ae52-6888b22e980f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21215", "type": "seen", "source": "https://t.me/cibsecurity/37720", "content": "\u203c CVE-2022-21215 \u203c\n\nThis vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T20:40:21.000000Z"}, {"uuid": "16cfa15f-55c3-4878-833c-66da3e6b72b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21215", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12102", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-21215\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.\n\ud83d\udccf Published: 2022-02-18T17:50:15.950Z\n\ud83d\udccf Modified: 2025-04-16T16:46:02.036Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02", "creation_timestamp": "2025-04-16T16:56:18.000000Z"}]}