{"vulnerability": "cve-2021-3897", "sightings": [{"uuid": "c36ac3d4-0c14-4041-8a3d-277a490bacd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38977", "type": "seen", "source": "https://t.me/cibsecurity/32487", "content": "\u203c CVE-2021-38977 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) \u203c\n\nIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:26:30.000000Z"}, {"uuid": "1313ea1e-cc1e-4587-b432-afc2e37910a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38979", "type": "seen", "source": "https://t.me/cibsecurity/32477", "content": "\u203c CVE-2021-38979 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) \u203c\n\nIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:20:47.000000Z"}, {"uuid": "484009a2-4a09-4423-9f7c-f5bca3a56f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3897", "type": "seen", "source": "https://t.me/cibsecurity/41360", "content": "\u203c CVE-2021-3897 \u203c\n\nAn authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-23T00:28:29.000000Z"}, {"uuid": "ad14f5e5-cfa6-495a-9d43-64bef93e5434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38971", "type": "seen", "source": "https://t.me/cibsecurity/38891", "content": "\u203c CVE-2021-38971 \u203c\n\nIBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T19:18:20.000000Z"}, {"uuid": "6b4afb71-6fcb-4dff-94a1-526a7e744405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38978", "type": "seen", "source": "https://t.me/cibsecurity/32460", "content": "\u203c CVE-2021-38978 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) \u203c\n\nIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:14:51.000000Z"}, {"uuid": "c9ab2209-69fb-4303-b12f-7c601f55dcdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38973", "type": "seen", "source": "https://t.me/cibsecurity/32311", "content": "\u203c CVE-2021-38973 \u203c\n\nIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T18:39:06.000000Z"}, {"uuid": "070034e8-41e5-4f55-ac3c-2501f650a87d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38972", "type": "seen", "source": "https://t.me/cibsecurity/32307", "content": "\u203c CVE-2021-38972 \u203c\n\nIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T18:38:59.000000Z"}]}