{"vulnerability": "CVE-2021-4452", "sightings": [{"uuid": "0c2b09c4-343f-4db0-8a0b-acd0569c4c41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-03-25T18:10:03.000000Z"}, {"uuid": "b6cb4ec5-b11f-433c-b652-f56ff09e9ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44528", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-44528.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "bc2dd16b-dd79-430d-9472-4b429a82355d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-44529.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "57d85c0c-f321-4b31-bffe-2091c99ae280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f64ac159-8b0c-4b4d-bc37-a635c4fa44fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_csa_unauth_rce_cve_2021_44529.rb", "content": "", "creation_timestamp": "2023-01-17T19:33:02.000000Z"}, {"uuid": 
"141e63e2-a376-4532-925b-f55696bd42a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:41.000000Z"}, {"uuid": "0c091729-1af0-48cc-9e9e-071ec9b4cad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:53.000000Z"}, {"uuid": "1e55a688-d154-421e-8dd7-3a85bc77a8a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:12.000000Z"}, {"uuid": "7166074a-1e02-4d81-89d1-d6e330cf464a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "https://t.me/poxek/2655", "content": "CVE-2021-44529\nIvanti EPM Cloud Services Appliance (CSA) RCE\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c RCE \u0432 Ivanti EPM Cloud Services Appliance (CSA) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 (nobody).\n\n#CVE 
#POC", "creation_timestamp": "2023-01-13T11:04:04.000000Z"}, {"uuid": "bdf11a59-ea3e-4550-a42d-5418d81a544c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "Telegram/qEB3cQjn89-Wp0e5IcB9U1WByFHdUfbB2SjNxLmQQweLTVo", "content": "", "creation_timestamp": "2024-03-26T07:18:45.000000Z"}, {"uuid": "1f1d245b-7484-47be-b6cb-2939625b551c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/310c8510-0ddf-4906-8633-76e220a394dd", "content": "", "creation_timestamp": "2026-02-02T12:26:39.903783Z"}, {"uuid": "56c79ece-d1a8-4509-819f-fa06b917cc18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1962", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1a\u4ee3\u7801\u6ce8\u5165\n\u63cf\u8ff0\uff1aCVE-2021-44529 Ivanti EPM \u4e91\u670d\u52a1\u8bbe\u5907 (CSA) \u4e2d\u7684\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u4ee5\u6709\u9650\u7684\u6743\u9650\uff08nobody\uff09\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\nURL\uff1ahttps://github.com/jax7sec/CVE-2021-44529\n\n\u6807\u7b7e\uff1a#\u4ee3\u7801\u6ce8\u5165", "creation_timestamp": "2022-04-16T15:24:17.000000Z"}, {"uuid": "6391b1ff-0302-487c-8014-2a40cce40de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4452", "type": "seen", "source": "https://t.me/cvedetector/8037", "content": "{\n  \"Source\": 
\"CVE FEED\",\n  \"Title\": \"CVE-2021-4452 - Google Language Translator for WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2021-4452 \nPublished : Oct. 16, 2024, 8:15 a.m. | 37\u00a0minutes ago \nDescription : The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T11:20:52.000000Z"}, {"uuid": "937dfb93-26c3-4e2a-865d-700db91db236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "Telegram/Mngct84mCz7lSDx0uk4uMuQLf745FDPXeRIP1hndScImTw", "content": "", "creation_timestamp": "2024-03-26T07:20:50.000000Z"}, {"uuid": "6409dc2e-f5e8-40f6-b712-8cf15ac10361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/816", "content": "The Hacker News\nCISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products\n\nThe U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Monday&nbsp;placed&nbsp;three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788&nbsp;(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529&nbsp;(CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:20:51.000000Z"}, {"uuid": "b3ff2116-d7e0-49c1-b87f-d9f7411f1725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/4411", "content": "The Hacker News\nCISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday&nbsp;placed&nbsp;three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788&nbsp;(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529&nbsp;(CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:20:51.000000Z"}, {"uuid": "ad1d0242-6935-40b9-86c0-0a59a873b185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "Telegram/lvSx9mMlLtFKi8E1bKG9QE8-DBE32mfFsPXZxFV-Ra_jPg", "content": "", "creation_timestamp": "2024-03-26T07:53:45.000000Z"}, {"uuid": "c31c91ed-f080-4514-bcf9-9f2ebad2d0a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "exploited", "source": "https://t.me/KomunitiSiber/1688", "content": "CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, 
and Nice Products\nhttps://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday\u00a0placed\u00a0three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788\u00a0(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529\u00a0(CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:46:39.000000Z"}, {"uuid": "af8ceda9-7522-4471-bb75-3d9704c81fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44521", "type": "seen", "source": "https://t.me/true_secator/2636", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 DevOps-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 JFrog \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Apache Cassandra, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (RCE).\n\nApache Cassandra \u2014 \u044d\u0442\u043e \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 NoSQL \u0441 
\u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0447\u0435\u043d\u044c \u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u043e\u0431\u044a\u0435\u043c\u0430\u043c\u0438 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u043e\u0431\u044b\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Apache \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043b\u0435\u0433\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u043d\u043e, \u043a \u0441\u0447\u0430\u0441\u0442\u044c\u044e, \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0445 Cassandra.\n\nCVE-2021-44521\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,4) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u043c, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c 
\u0444\u0443\u043d\u043a\u0446\u0438\u0439 (UDF), \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u0432\u0438\u0436\u043e\u043a\u00a0Nashorn\u00a0JavaScript, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041a \u0442\u0430\u043a\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b cassandra.yaml: enable user defined functions: true; enable scripted user defined functions: true; enable user defined functions threads: false.\n\n\u041a\u043e\u0433\u0434\u0430 \u0434\u043b\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 enable user defined functions hreads \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false, \u0432\u0441\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u043c\u044b\u0435 UDF-\u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u0432 Cassandra daemon, \u0443 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0435\u0441\u0442\u044c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 
\u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438. \u0422\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Apache Cassandra \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0439\u00a03.0.26\u00a0,\u00a03.11.12\u00a0\u0438\u00a04.0.2, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. 
\u0412 \u043d\u043e\u0432\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u0434\u043b\u044f allow extra insecure udfs \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2022-02-16T16:20:00.000000Z"}, {"uuid": "d9c61187-2149-40aa-a48d-8f7c9877ac68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "https://t.me/true_secator/5429", "content": "\u0412\u043e\u043e\u0431\u0449\u0435 \u043d\u0435\u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0443 Ivanti \u0442\u0430\u043a\u0430\u044f \u0447\u0435\u0445\u0430\u0440\u0434\u0430 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438.\n\n\u041a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 GreyNoise, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti \u0432 2021 \u0433\u043e\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0431\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u043c \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c \u0432 
PHP-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0430\u0442\u0430\u043a \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 - csrf-magic.\n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u0434\u0430\u0436\u0435 \u0442\u043e\u0433\u0434\u0430, \u043a\u043e\u0433\u0434\u0430 \u0431\u044d\u043a\u0434\u043e\u0440 \u0431\u044b\u043b \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442 \u0432 2016 \u0433\u043e\u0434\u0443, Ivanti \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0434\u043b\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 EPM Cloud Services Appliance (CSA).\n\n\u0418 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0437\u0436\u0435 Ivanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2021-44529), \u0432\u043e\u0432\u0441\u0435 \u043d\u0435 \u043e\u0431\u0440\u0430\u0449\u0430\u044f 
\u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043d\u0438\u0447\u0435\u043c \u0434\u0440\u0443\u0433\u0438\u043c, \u043a\u0430\u043a \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c.\n\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0438\u043c\u0435\u043d\u043d\u043e \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u0434\u0438\u043d \u0438\u0437 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u043e\u043c\u0443 \u0435\u0449\u0435 \u0440\u0430\u043d\u0435\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u0442\u044c\u0441\u044f \u0441 CVE-2021-44529, \u0437\u0430\u0434\u0430\u043b\u0441\u044f \u0432\u043e\u043f\u0440\u043e\u0441\u043e\u043c: \u041f\u043e\u0447\u0435\u043c\u0443 \u044d\u0442\u043e \u0431\u044b\u043b\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u043a\u043e\u0434?\u00a0\u041d\u0435 \u0443\u0431\u0440\u0430\u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043b\u0438, \u0447\u0442\u043e \u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043b\u0430\u0437\u0435\u0439\u043a\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c?", "creation_timestamp": "2024-02-19T15:49:10.000000Z"}, {"uuid": "5d824ef1-1888-4d58-b9ff-d32ba282409f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44521", "type": "seen", "source": "https://t.me/true_secator/2737", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 
\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 DevSecOps JFrog \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c ClickHouse OLAP. \u0421\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c \u044d\u0442\u043e \u0441\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a JFrog \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 Apache Cassandra (CVE-2021-44521\u00a0\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 8,4), \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a RCE \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u044f ClickHouse \u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u0430 \u0431\u043e\u043b\u0435\u0435 10 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0432\u00a0\u042f\u043d\u0434\u0435\u043a\u0441\u0435. \u0428\u0442\u0430\u0431-\u043a\u0432\u0430\u0440\u0442\u0438\u0440\u0430 ClickHouse Inc. 
\u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u041a\u0430\u043b\u0438\u0444\u043e\u0440\u043d\u0438\u0439\u0441\u043a\u043e\u043c \u0437\u0430\u043b\u0438\u0432\u0435, \u0421\u0428\u0410, \u0430 \u0434\u043e\u0447\u0435\u0440\u043d\u044f\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f ClickHouse BV \u0431\u0430\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u00a0\u0410\u043c\u0441\u0442\u0435\u0440\u0434\u0430\u043c\u0435, \u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u044b.\n\n\u0421 \u0442\u0435\u0445 \u043f\u043e\u0440 \u043a\u0430\u043a \u0432 2016 \u0433\u043e\u0434\u0443 \u043f\u0440\u043e\u0435\u043a\u0442 ClickHouse \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u043a\u0430\u043a \u041e\u041f \u0441\u00a0\u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c\u00a0\u043f\u043e\u0434\u00a0\u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0435\u0439 Apache 2\u00a0\u0435\u0433\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0440\u043e\u0441\u043b\u0430 \u0432 \u0433\u0435\u043e\u043c\u0435\u0442\u0440\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0435\u0441\u0441\u0438\u0438, \u043e \u0447\u0435\u043c \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 Uber, Comcast, eBay \u0438 Cisco.\u00a0\n\nClickHouse \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d \u0432\u00a0CERN\u00a0LHCb\u00a0\u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438\u00a0\u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445\u00a0\u043e 10 \u043c\u0438\u043b\u043b\u0438\u0430\u0440\u0434\u0430\u0445 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0441 
\u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 1000 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0441\u043e\u0431\u044b\u0442\u0438\u044f.\n\n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432 ClickHouse \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u0431\u043e\u0435\u0432 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u0443\u0442\u0435\u0447\u043a\u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. 
\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043b\u044e\u0431\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435, \u0442\u043e \u0435\u0441\u0442\u044c \u0434\u0430\u0436\u0435 \u0441 \u0441\u0430\u043c\u044b\u043c\u0438 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u0421\u0440\u0435\u0434\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435:\n \u2022 CVE-2021-43304 \u0438 CVE-2021-43305\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,8) \u2014 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438 \u0432 \u043a\u043e\u0434\u0435\u043a\u0435 \u0441\u0436\u0430\u0442\u0438\u044f LZ4, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n \u2022 CVE-2021-42387 \u0438 CVE-2021-42388\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7,1) \u2014 \u043e\u0448\u0438\u0431\u043a\u0430 \u0447\u0442\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043a\u0443\u0447\u0438 
\u0432 \u043a\u043e\u0434\u0435\u043a\u0435 \u0441\u0436\u0430\u0442\u0438\u044f LZ4, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n \u2022 CVE-2021-42389\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 6,5) \u2014 \u043e\u0448\u0438\u0431\u043a\u0430 \u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043d\u043e\u043b\u044c \u0432 \u043a\u043e\u0434\u0435\u043a\u0435 \u0441\u0436\u0430\u0442\u0438\u044f Delta, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n \u2022 CVE-2021-42390\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 6,5) \u2014 \u043e\u0448\u0438\u0431\u043a\u0430 \u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043d\u043e\u043b\u044c \u0432 \u043a\u043e\u0434\u0435\u043a\u0435 \u0441\u0436\u0430\u0442\u0438\u044f DeltaDouble, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n \u2022 CVE-2021-42391\u00a0(\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 6,5) \u2014 \u043e\u0448\u0438\u0431\u043a\u0430 \u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043d\u043e\u043b\u044c \u0432 \u043a\u043e\u0434\u0435\u043a\u0435 \u0441\u0436\u0430\u0442\u0438\u044f Gorilla, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 
\u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043b\u044e\u0431\u044b\u043c \u0438\u0437 \u0432\u044b\u0448\u0435\u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0436\u0430\u0442\u044b\u0439 \u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0441\u0431\u043e\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c ClickHouse \u043f\u043e\u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 v21.10.2.15-stable \u0438\u043b\u0438 \u0432\u044b\u0448\u0435 \u0432\u043e \u0438\u0437\u0431\u0435\u0436\u0430\u043d\u0438\u0435 \u0432\u044b\u0448\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c.", "creation_timestamp": "2022-03-16T14:30:16.000000Z"}, {"uuid": "26b5fcbc-b94b-412e-bb1c-43edecc1fed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44528", "type": "seen", "source": "https://t.me/cibsecurity/35167", "content": "\u203c 
CVE-2021-44528 \u203c\n\nAn open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft \"X-Forwarded-Host\" headers that, in combination with certain \"allowed host\" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-10T16:21:05.000000Z"}, {"uuid": "675896f4-ac09-493a-a331-b1954138d03f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44521", "type": "seen", "source": "https://t.me/cibsecurity/37297", "content": "\u203c CVE-2021-44521 \u203c\n\nWhen running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this.
Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T16:29:38.000000Z"}, {"uuid": "83374cc4-6c61-4923-8f44-c6c99adac3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "https://t.me/ctinow/189779", "content": "https://ift.tt/IjA5cx3\nCode Injection Or Backdoor: A New Look At Ivanti's CVE-2021-44529", "creation_timestamp": "2024-02-21T17:08:53.000000Z"}, {"uuid": "19278da6-a35c-493f-a38b-8503cffe3ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44528", "type": "seen", "source": "https://t.me/ctinow/181326", "content": "https://ift.tt/UxOwytN\nCVE-2021-44528 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-08T12:26:40.000000Z"}, {"uuid": "ef42e6a0-09ed-49da-9ac0-695406837955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44525", "type": "seen", "source": "https://t.me/cibsecurity/34288", "content": "\u203c CVE-2021-44525 \u203c\n\nZoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-20T18:41:14.000000Z"}, {"uuid": "e5f94f86-b4aa-4c17-8555-82688a9a3ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44526", "type": "seen", "source": "https://t.me/cibsecurity/34568", "content": "\u203c CVE-2021-44526 \u203c\n\nZoho ManageEngine 
ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T18:19:18.000000Z"}, {"uuid": "f8416761-d347-412b-b0c7-397696ba107e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44522", "type": "seen", "source": "https://t.me/cibsecurity/33908", "content": "\u203c CVE-2021-44522 \u203c\n\nA vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T14:13:13.000000Z"}, {"uuid": "31d3b87c-e3fa-4dc6-bc43-1495d2fdddd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44527", "type": "seen", "source": "https://t.me/cibsecurity/33444", "content": "\u203c CVE-2021-44527 \u203c\n\nA vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:50.000000Z"}, {"uuid": "dac5fc96-21dd-49c2-b742-45339626f79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability":
"CVE-2021-44523", "type": "seen", "source": "https://t.me/cibsecurity/33916", "content": "\u203c CVE-2021-44523 \u203c\n\nA vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T14:13:25.000000Z"}, {"uuid": "76fe4fa8-b08a-41c4-81dc-d5c470ca0b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44524", "type": "seen", "source": "https://t.me/cibsecurity/33897", "content": "\u203c CVE-2021-44524 \u203c\n\nA vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service.
This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T14:12:57.000000Z"}, {"uuid": "47229f6f-637d-4041-920e-2867498b182a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44529", "type": "seen", "source": "https://t.me/cibsecurity/33664", "content": "\u203c CVE-2021-44529 \u203c\n\nA code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-09T00:24:21.000000Z"}, {"uuid": "d1f783ea-33c1-421a-b11c-d9a7a116bca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44521", "type": "seen", "source": "https://t.me/thehackernews/1889", "content": "A new high-severity vulnerability (CVE-2021-44521) has been reported in the popular distributed NoSQL database software Apache Cassandra, which, if left unfixed, could lead to RCE attacks on affected installations.\n\nDetails: https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html", "creation_timestamp": "2022-02-16T06:26:39.000000Z"}]}