{"vulnerability": "cve-2021-4212", "sightings": [{"uuid": "f68e7b49-4ade-4b6d-9599-48ef1f470aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4212", "type": "seen", "source": "https://t.me/cibsecurity/41358", "content": "\u203c CVE-2021-4212 \u203c\n\nA potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-23T00:28:27.000000Z"}, {"uuid": "2f9366a2-eeff-4079-8b9a-6848a70b7194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42129", "type": "seen", "source": "https://t.me/cibsecurity/33452", "content": "\u203c CVE-2021-42129 \u203c\n\nA command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:22:03.000000Z"}, {"uuid": "3f34ba64-1237-419e-a4c3-9ef2f38b49d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42125", "type": "seen", "source": "https://t.me/cibsecurity/33451", "content": "\u203c CVE-2021-42125 \u203c\n\nAn unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:22:02.000000Z"}, {"uuid": "a2a761f9-34e8-4883-8d85-dbdccbe3537b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42127", "type": "seen", "source": "https://t.me/cibsecurity/33441", "content": "\u203c CVE-2021-42127 \u203c\n\nA deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:47.000000Z"}, {"uuid": "7fa23c7f-e44e-4f68-9083-d495780da379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42126", "type": "seen", "source": "https://t.me/cibsecurity/33443", "content": "\u203c CVE-2021-42126 \u203c\n\nAn improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:49.000000Z"}, {"uuid": "84700b9e-1dde-4cd7-970c-87e852f9c747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42128", "type": "seen", "source": "https://t.me/cibsecurity/33442", "content": "\u203c CVE-2021-42128 \u203c\n\nAn exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:48.000000Z"}, {"uuid": "13adf2a3-6460-4b09-859c-b571ec53f6bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42124", "type": "seen", "source": "https://t.me/cibsecurity/33449", "content": "\u203c CVE-2021-42124 \u203c\n\nAn improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-07T16:21:57.000000Z"}]}