CVE-2021-44026

Vulnerability updated a year ago (2024-05-04T19:33:18.431Z)

Download STIX

Preview STIX

Not enough context has been learned about CVE-2021-44026 for a description yet. However we're tracking it as a Vulnerability profile. Vulnerability: A flaw in software design or implementation

Description last updated:

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT28 Threat Actor is associated with CVE-2021-44026. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, is a threat actor linked to Russia. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influ	Targets	3

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2020-35730 Vulnerability is associated with CVE-2021-44026. CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig	Unspecified	4
The CVE-2020-12641 Vulnerability is associated with CVE-2021-44026. CVE-2020-12641 is a significant vulnerability discovered in the Roundcube Webmail application. It is an issue that arises from a flaw in the software's design or implementation, which allows for Command Injection and Cross-Site Scripting (XSS) attacks (CVE-2020-35730). The exploitation of this vulne	Unspecified	2

Source Document References

Information about the CVE-2021-44026 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a month ago	Western Logistics and Tech Firms Targeted by Russia’s APT28
CISA	a month ago	Russian GRU Targeting Western Logistics Entities and Technology Companies \| CISA
Securityaffairs	a year ago	NATO and the EU formally condemned APT28 cyber espionage
Securityaffairs	2 years ago	Russia's APT8 exploited Outlook 0day to target EU NATO members
Securityaffairs	2 years ago	Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
CERT-EU	2 years ago	Advanced threat predictions for 2024 – GIXtools
Securelist	2 years ago	Kaspersky Security Bulletin: APT predictions 2024
CERT-EU	2 years ago	Several French critical networks subjected to Russian APT attacks
Securityaffairs	2 years ago	ANSSI warns of Russia-linked APT28 attacks on French entities
CERT-EU	2 years ago	Microsoft warns of rise in credential stealing attacks by Russia-linked group
CERT-EU	2 years ago	Several bugs added to CISA vulnerability catalog
CERT-EU	2 years ago	Ex-FBI employee jailed for mishandling classified material
Securityaffairs	2 years ago	CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalog
CERT-EU	2 years ago	CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws
CERT-EU	2 years ago	Cyber security week in review: June 23, 2023
CERT-EU	2 years ago	Governmental Agencies Ordered by CISA to Patch Vulnerabilities Exploited by Russian APT Groups
CERT-EU	2 years ago	CISA Adds Six Known Exploited Vulnerabilities to Catalog \| CISA
Securityaffairs	2 years ago	APT28 hacked Roundcube email servers of Ukrainian entities
CERT-EU	2 years ago	Russian hackers breach Ukrainian government and military entities
BankInfoSecurity	2 years ago	Ukraine Tracks Multiple Spear-Phishing Campaigns From Russia