{"vulnerability": "CVE-2021-3908", "sightings": [{"uuid": "2d2b2c8e-254a-4208-8a1c-50803108f608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39081", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113676682434744713", "content": "", "creation_timestamp": "2024-12-19T00:35:19.091393Z"}, {"uuid": "2f7551c5-8b39-4bd8-b449-9682a35305db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39089", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9685", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-39089\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request.  IBM X-Force ID:  216387.\n\ud83d\udccf Published: 2023-01-20T18:14:59.231Z\n\ud83d\udccf Modified: 2025-03-31T14:59:42.233Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6856405\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/216387", "creation_timestamp": "2025-03-31T15:31:26.000000Z"}, {"uuid": "54e660aa-18f3-4f7f-9716-990fe70edf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39081", "type": "seen", "source": "https://t.me/cvedetector/13296", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2021-39081 - IBM Cognos Analytics Mobile Android Weak Cryptography Flaw\", \n  \"Content\": \"CVE ID : CVE-2021-39081 \nPublished : Dec. 19, 2024, 1:15 a.m. | 39\u00a0minutes ago \nDescription : IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T03:05:39.000000Z"}, {"uuid": "53d7a75b-70e3-4664-a42f-3130b508c280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39089", "type": "seen", "source": "https://t.me/cibsecurity/56782", "content": "\u203c CVE-2021-39089 \u203c\n\nIBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T22:28:48.000000Z"}, {"uuid": "a2140beb-da2b-4451-8288-7d3a2ebc3eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39087", "type": "seen", "source": "https://t.me/cibsecurity/48238", "content": "\u203c CVE-2021-39087 \u203c\n\nIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T22:39:23.000000Z"}, {"uuid": "8389c01f-3fb5-4ad4-aa2e-71e0e3a0bdc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39086", "type": "seen", "source": "https://t.me/cibsecurity/48235", "content": "\u203c CVE-2021-39086 \u203c\n\nIBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T22:39:19.000000Z"}, {"uuid": "577aac37-83c7-4e75-bbfe-6dc492268dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39085", "type": "seen", "source": "https://t.me/cibsecurity/48234", "content": "\u203c CVE-2021-39085 \u203c\n\nIBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T22:39:18.000000Z"}, {"uuid": "ad2b12bd-bd2b-4a30-a9c2-19a0f4ecba62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39080", "type": "seen", "source": "https://t.me/cibsecurity/37439", "content": "\u203c CVE-2021-39080 \u203c\n\nDue to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-14T20:32:59.000000Z"}, {"uuid": "1b790dc1-174b-4ac7-bf58-be95a92171e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3908", "type": "seen", "source": "https://t.me/cibsecurity/32260", "content": "\u203c CVE-2021-3908 \u203c\n\nOctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T00:38:02.000000Z"}]}