{"vulnerability": "cve-2021-3956", "sightings": [{"uuid": "6d24e172-188d-40d7-b6f6-a58117a1a223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3956", "type": "seen", "source": "https://t.me/cibsecurity/42926", "content": "\u203c CVE-2021-3956 \u203c\n\nA read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u00e2\u20ac\u0153unauthenticated bind\u00e2\u20ac\ufffd, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u00e2\u20ac\u0153authenticated bind\u00e2\u20ac\ufffd and/or \u00e2\u20ac\u0153anonymous bind\u00e2\u20ac\ufffd are not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-19T01:48:13.000000Z"}, {"uuid": "8da8984a-8859-4408-a2d7-a20a3565bbb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39569", "type": "seen", "source": "https://t.me/cibsecurity/29134", "content": "\u203c CVE-2021-39569 \u203c\n\nAn issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T20:27:21.000000Z"}, {"uuid": "43493470-3e2d-4ef1-9c48-95ddb2c83982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39564", "type": "seen", "source": "https://t.me/cibsecurity/29137", "content": "\u203c CVE-2021-39564 \u203c\n\nAn issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T20:33:03.000000Z"}]}