{"vulnerability": "cve-2020-3521", "sightings": [{"uuid": "5603e527-c556-41f9-b316-50b5ded933f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35210", "type": "seen", "source": "https://t.me/cibsecurity/34157", "content": "\u203c CVE-2020-35210 \u203c\n\nA vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:35:58.000000Z"}, {"uuid": "d6e36f2f-1d5d-470f-b91c-4606fe8ed576", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35215", "type": "seen", "source": "https://t.me/cibsecurity/34167", "content": "\u203c CVE-2020-35215 \u203c\n\nAn issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:11.000000Z"}, {"uuid": "573183d6-1dbe-42d8-9851-7235a661d07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35213", "type": "seen", "source": "https://t.me/cibsecurity/34166", "content": "\u203c CVE-2020-35213 \u203c\n\nAn issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:10.000000Z"}, {"uuid": "c0205a2f-7bcf-4640-b7a6-eb8c13c53a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35216", "type": "seen", "source": "https://t.me/cibsecurity/34161", "content": "\u203c CVE-2020-35216 \u203c\n\nAn issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:03.000000Z"}, {"uuid": "f914e6da-8f00-4399-9b06-964420552ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35214", "type": "seen", "source": "https://t.me/cibsecurity/34160", "content": "\u203c CVE-2020-35214 \u203c\n\nAn issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:02.000000Z"}, {"uuid": "16c89776-e48a-48a5-a28d-baf0772c527a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35211", "type": "seen", "source": "https://t.me/cibsecurity/34158", "content": "\u203c CVE-2020-35211 \u203c\n\nAn issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:35:59.000000Z"}, {"uuid": "0b1cf265-bed4-44c0-b611-e58e741e0e84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35217", "type": "seen", "source": "https://t.me/cibsecurity/22329", "content": "\u203c CVE-2020-35217 \u203c\n\nVert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T16:27:07.000000Z"}]}