Vulnerability Details : CVE-2021-36981
Potential exploit
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2021-36981
- cpe:2.3:a:sernet:verinice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36981
- EPSS score: 4.33% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-36981
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-36981
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-36981
- https://verinice.com/en/support/security-advisory
  Security Advisory (Patch; Vendor Advisory)
- https://www.secianus.de/worum-geht-es/aktuelle-meldung/cve-2021-36981-verinicepro-unsafe-java-deserialization
  CVE-2021-36981 - Verinice.Pro 1.22.1 Unsafe Java deserialization of untrusted data, leading to remote code execution (authenticated) | SECIANUS GmbH & Co. KG (Exploit; Third Party Advisory)
- https://github.com/SerNet/verinice/compare/1.22.1...1.22.2
  Comparing 1.22.1...1.22.2 · SerNet/verinice · GitHub (Patch)
- https://github.com/0xBrAinsTorM/CVE-2021-36981
  GitHub - 0xBrAinsTorM/CVE-2021-36981 (Exploit; Issue Tracking)