A collection of proof-of-concept exploits for publicly disclosed vulnerabilities discovered by the STM Cyber team.
- CVE-2021-20572 - Stack overflow in IBM Security Identity Manager Windows Password Synch Plug-in
- CVE-2021-20573 - Heap overflow in IBM Security Identity Manager Windows Password Synch Plug-in
- CVE-2021-20574 - LDAP Injection leading to account takeover in IBM Security Identity Manager Windows Password Synch Plug-in
- CVE-2021-28958 - ManageEngine ADSelfService Plus - Unauthenticated RCE in password change function
- CVE-2021-31874 - ManageEngine ADSelfService Plus - Retrieval of linked database credentials via HOST_NAME parameter manipulation
- CVE-2021-33055 - ManageEngine ADSelfService Plus - Unauthenticated RCE via PowerShell injection (system locale dependent)
- CVE-2021-37419 - ManageEngine ADSelfService Plus - SSRF vulnerability in /servlet/ADSHACluster endpoint
- CVE-2021-37420 - ManageEngine ADSelfService Plus - E-mail MIME injection in /RestAPI/PasswordSelfServiceAPI endpoint