CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CVE-2021-33175 (GCVE-0-2021-33175)
Vulnerability from cvelistv5 – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.synopsys.com/blogs/software-security/… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| EMQ Technologies | EMQ X Broker | Affected: <4.2.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMQ X Broker",
"vendor": "EMQ Technologies",
"versions": [
{
"status": "affected",
"version": "\u003c4.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T14:31:16.000Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosure@synopsys.com",
"ID": "CVE-2021-33175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMQ X Broker",
"version": {
"version_data": [
{
"version_value": "\u003c4.2.8"
}
]
}
}
]
},
"vendor_name": "EMQ Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2021-33175",
"datePublished": "2021-06-08T14:31:16.000Z",
"dateReserved": "2021-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33176 (GCVE-0-2021-33176)
Vulnerability from cvelistv5 – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.synopsys.com/blogs/software-security/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vernemq",
"vendor": "VerneMQ",
"versions": [
{
"status": "affected",
"version": "\u003c1.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T14:31:23.000Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosure@synopsys.com",
"ID": "CVE-2021-33176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vernemq",
"version": {
"version_data": [
{
"version_value": "\u003c1.12.0"
}
]
}
}
]
},
"vendor_name": "VerneMQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2021-33176",
"datePublished": "2021-06-08T14:31:23.000Z",
"dateReserved": "2021-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:42:20.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33728 (GCVE-0-2021-33728)
Vulnerability from cvelistv5 – Published: 2021-10-12 09:49 – Updated: 2024-08-03 23:58 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:28.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33728",
"datePublished": "2021-10-12T09:49:28.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34992 (GCVE-0-2021-34992)
Vulnerability from cvelistv5 – Published: 2021-11-15 15:40 – Updated: 2024-08-04 00:26 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://github.com/Orckestra/C1-CMS-Foundation/re… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "C1 CMS",
"vendor": "Orckestra",
"versions": [
{
"status": "affected",
"version": "6.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Le Ngoc Anh - Sun* Cyber Security Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T21:44:44.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C1 CMS",
"version": {
"version_data": [
{
"version_value": "6.10"
}
]
}
}
]
},
"vendor_name": "Orckestra"
}
]
}
},
"credit": "Le Ngoc Anh - Sun* Cyber Security Research Team",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/"
},
{
"name": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11",
"refsource": "MISC",
"url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34992",
"datePublished": "2021-11-15T15:40:18.000Z",
"dateReserved": "2021-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:26:55.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35215 (GCVE-0-2021-35215)
Vulnerability from cvelistv5 – Published: 2021-09-01 14:21 – Updated: 2024-09-16 19:52 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://documentation.solarwinds.com/en/success_c… | x_refsource_MISC |
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
| https://documentation.solarwinds.co/enm/success_c… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Orion Platform | Affected: 2020.2.5 and previous versions, < 2020.2.6 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Orion Platform",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "2020.2.6",
"status": "affected",
"version": "2020.2.5 and previous versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jangggggg working with Trend Micro Zero Day Initiative"
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-28T11:06:20.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
}
],
"solutions": [
{
"lang": "en",
"value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
}
],
"source": {
"defect": [
"CVE-2021-35215"
],
"discovery": "UNKNOWN"
},
"title": "ActionPluginBaseView Deserialization of Untrusted Data RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-07-15T16:08:00.000Z",
"ID": "CVE-2021-35215",
"STATE": "PUBLIC",
"TITLE": "ActionPluginBaseView Deserialization of Untrusted Data RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Orion Platform",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "2020.2.5 and previous versions",
"version_value": "2020.2.6"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jangggggg working with Trend Micro Zero Day Initiative"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215"
},
{
"name": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1245/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,"
}
],
"source": {
"defect": [
"CVE-2021-35215"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35215",
"datePublished": "2021-09-01T14:21:46.258Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:52:15.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35216 (GCVE-0-2021-35216)
Vulnerability from cvelistv5 – Published: 2021-09-01 14:23 – Updated: 2024-08-04 00:33 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://documentation.solarwinds.com/en/success_c… | x_refsource_MISC |
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Patch Manager | Affected: 2020.2.5 and previous versions, < 2020.2.6 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Patch Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "2020.2.6",
"status": "affected",
"version": "2020.2.5 and previous versions.",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jangggggg working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-28T11:06:08.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds recommends upgrading to both the latest version of Patch Manager and Orion Integration Module as soon as it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35216"
],
"discovery": "UNKNOWN"
},
"title": "Deserialization of Untrusted Data in Resource Controls Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"ID": "CVE-2021-35216",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data in Resource Controls Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Patch Manager",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "2020.2.5 and previous versions.",
"version_value": "2020.2.6"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jangggggg working with Trend Micro Zero Day Initiative"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds recommends upgrading to both the latest version of Patch Manager and Orion Integration Module as soon as it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35216"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35216",
"datePublished": "2021-09-01T14:23:01.000Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:33:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35218 (GCVE-0-2021-35218)
Vulnerability from cvelistv5 – Published: 2021-09-01 14:24 – Updated: 2024-08-04 00:33 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://documentation.solarwinds.com/en/success_c… | x_refsource_MISC |
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Patch Manager | Affected: 2020.5 and previous versions, < 2020.2.6 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1248/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Patch Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "2020.2.6",
"status": "affected",
"version": "2020.5 and previous versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jangggggg via Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-28T11:06:06.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1248/"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in the release of the Patch Manager module for Orion Platform version 2020.2.6."
}
],
"source": {
"defect": [
"CVE-2021-35218",
""
],
"discovery": "EXTERNAL"
},
"title": "Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"ID": "CVE-2021-35218",
"STATE": "PUBLIC",
"TITLE": "Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Patch Manager",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "2020.5 and previous versions",
"version_value": "2020.2.6"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jangggggg via Trend Micro Zero Day Initiative"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1248/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1248/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in the release of the Patch Manager module for Orion Platform version 2020.2.6."
}
],
"source": {
"defect": [
"CVE-2021-35218",
""
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35218",
"datePublished": "2021-09-01T14:24:13.000Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:33:51.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36336 (GCVE-0-2021-36336)
Vulnerability from cvelistv5 – Published: 2021-12-21 17:05 – Updated: 2024-09-16 19:24 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/000193079 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Dell | Wyse Management Suite | Affected: unspecified, < 3.5 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000193079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wyse Management Suite",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-21T17:05:26.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000193079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-18",
"ID": "CVE-2021-36336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wyse Management Suite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000193079",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000193079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36336",
"datePublished": "2021-12-21T17:05:26.467Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:24:32.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37181 (GCVE-0-2021-37181)
Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Siemens | Cerberus DMS V4.0 | Affected: All versions |
| Siemens | Cerberus DMS V4.1 | Affected: All versions |
| Siemens | Cerberus DMS V4.2 | Affected: All versions |
| Siemens | Cerberus DMS V5.0 | Affected: All versions < v5.0 QU1 |
| Siemens | Desigo CC Compact V4.0 | Affected: All versions |
| Siemens | Desigo CC Compact V4.1 | Affected: All versions |
| Siemens | Desigo CC Compact V4.2 | Affected: All versions |
| Siemens | Desigo CC Compact V5.0 | Affected: All versions < V5.0 QU1 |
| Siemens | Desigo CC V4.0 | Affected: All versions |
| Siemens | Desigo CC V4.1 | Affected: All versions |
| Siemens | Desigo CC V4.2 | Affected: All versions |
| Siemens | Desigo CC V5.0 | Affected: All versions < V5.0 QU1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cerberus DMS V4.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Cerberus DMS V4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Cerberus DMS V4.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Cerberus DMS V5.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c v5.0 QU1"
}
]
},
{
"product": "Desigo CC Compact V4.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC Compact V4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC Compact V4.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC Compact V5.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0 QU1"
}
]
},
{
"product": "Desigo CC V4.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC V4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC V4.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Desigo CC V5.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0 QU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:46.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cerberus DMS V4.0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Cerberus DMS V4.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Cerberus DMS V4.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Cerberus DMS V5.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c v5.0 QU1"
}
]
}
},
{
"product_name": "Desigo CC Compact V4.0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC Compact V4.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC Compact V4.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC Compact V5.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.0 QU1"
}
]
}
},
{
"product_name": "Desigo CC V4.0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC V4.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC V4.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Desigo CC V5.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.0 QU1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37181",
"datePublished": "2021-09-14T10:47:46.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:16:03.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37578 (GCVE-0-2021-37578)
Vulnerability from cvelistv5 – Published: 2021-07-29 07:05 – Updated: 2024-08-04 01:23 – CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/r82047b3ba77… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/07/29/1 | mailing-list, x_refsource_MLIST |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache jUDDI | Affected: unspecified, < 3.3.10 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E"
},
{
"name": "[oss-security] 20210728 [SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache jUDDI",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Artem Smotrakov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache jUDDI uses several classes related to Java\u0027s Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed."
}
],
"metrics": [
{
"other": {
"content": {
"other": "moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T14:06:11.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E"
},
{
"name": "[oss-security] 20210728 [SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/29/1"
}
],
"source": {
"defect": [
"JUDDI-1018"
],
"discovery": "UNKNOWN"
},
"title": "Remote code execution via RMI",
"workarounds": [
{
"lang": "en",
"value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-37578",
"STATE": "PUBLIC",
"TITLE": "Remote code execution via RMI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache jUDDI",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.10"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Artem Smotrakov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache jUDDI uses several classes related to Java\u0027s Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E"
},
{
"name": "[oss-security] 20210728 [SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/29/1"
}
]
},
"source": {
"defect": [
"JUDDI-1018"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-37578",
"datePublished": "2021-07-29T07:05:10.000Z",
"dateReserved": "2021-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:23:01.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- If available, use the signing/sealing features of the programming language or platform to ensure that serialized data has not been tampered with between serialization and deserialization. For example, a hash-based message authentication code (HMAC) computed over the serialized bytes and verified before any deserialization takes place ensures that the data has not been modified by a party that does not hold the key.
Mitigation
Phase: Implementation
Description:
- When deserializing data, decode it into a neutral intermediate form (for example a map of primitive values) and then populate a new object from it through the class's normal constructors and setters, rather than letting the deserializer instantiate the object directly. The data then passes through the same input validation as any other input, and only the type's intended methods are ever invoked.
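The two mitigations above (an HMAC over the serialized bytes, and populating a new object through validation rather than trusting the decoded structure) combined in one added example. This is not code from the CWE entry or from any vendor on this page; the key, the `Session` type, the allowed roles and the sample payloads are all constructed for the demonstration. The order of operations is the security-relevant point: the MAC is checked with a constant-time comparison before a single byte reaches the decoder, and the decoded dictionary is then validated field by field into a fresh object.

```python
"""Added example, not taken from the CWE entry or any vendor advisory on this page:
an HMAC-sealed envelope that is verified before any decoding happens, followed by
construction of a fresh, validated object from the decoded data. The key, the
Session type, its fields and the sample payloads are all constructed for this demo."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Demo key. A real deployment would load this from a secret store, never from source.
KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def seal(payload: dict, key: bytes = KEY) -> bytes:
    """Serialize to canonical JSON and prepend an HMAC-SHA256 tag over the bytes."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def unseal(blob: bytes, key: bytes = KEY) -> dict:
    """Verify the tag first; only then hand the bytes to the deserializer."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: refusing to deserialize")
    return json.loads(body)


@dataclass(frozen=True)
class Session:
    user: str
    role: str
    expires: int


ALLOWED_ROLES = {"viewer", "editor"}


def session_from_dict(data: dict) -> Session:
    """Populate a new Session through explicit validation instead of trusting the
    decoded structure. Unknown keys, wrong types and unexpected values are rejected."""
    if not isinstance(data, dict) or set(data) != {"user", "role", "expires"}:
        raise ValueError("unexpected session structure")
    user, role, expires = data["user"], data["role"], data["expires"]
    if not isinstance(user, str) or not (1 <= len(user) <= 64) or not user.isalnum():
        raise ValueError("bad user")
    if role not in ALLOWED_ROLES:
        raise ValueError("role not allowed")
    # bool is a subclass of int, so exclude it explicitly
    if isinstance(expires, bool) or not isinstance(expires, int) or expires <= 0:
        raise ValueError("bad expiry")
    return Session(user, role, expires)


def load_session(blob: bytes, key: bytes = KEY) -> Session:
    return session_from_dict(unseal(blob, key))


def forge(blob: bytes, payload: dict) -> bytes:
    """What an attacker without the key can do: keep the old tag, swap the body."""
    return blob[:TAG_LEN] + json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def load_rejects(blob: bytes, key: bytes = KEY) -> bool:
    """True if the blob is refused, either by the MAC check or by validation."""
    try:
        load_session(blob, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sealed = seal({"user": "alice", "role": "editor", "expires": 1700000000})
    print(load_session(sealed))
    forged = forge(sealed, {"user": "alice", "role": "admin", "expires": 9999999999})
    print("forged blob rejected:", load_rejects(forged))
    # A correctly sealed blob with an unexpected value is still stopped by validation.
    print("bad role rejected:", load_rejects(seal({"user": "bob", "role": "admin", "expires": 1})))
```

The MAC proves only that the holder of the key produced the bytes; it says nothing about whether the content is sane, which is why the second layer (`session_from_dict`) is kept independent. If a native object serializer such as Java serialization or Python pickle were used instead of JSON, the same two steps would still apply, but a leaked key or any code path that signs attacker-chosen data would turn the deserializer back into a code-execution sink.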
Mitigation
Phase: Implementation
Description:
- Explicitly define a final readObject() method (in Java) that unconditionally throws an exception, so that the class cannot be instantiated through deserialization at all.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make fields transient to protect them from deserialization.
- A class containing transient fields that is serialized and then deserialized will have those fields reset to their default values (null for object references, zero or false for primitives) instead of the serialized data. This is an effective way to prevent time-dependent, environment-based, or sensitive values from being carried over and used improperly.
Mitigation
Phase: Implementation
Description:
- Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
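The class allowlist above, together with the two earlier mitigations on transient fields and on a type that refuses deserialization, shown in one added example using Python's pickle as the serializer. This is not code from the CWE entry or from any vendor on this page; `Report`, `Credential`, `Gadget` and the sample values are constructed for the demonstration. The unpickler resolves only the globals on its allowlist, so a payload whose reduce hook points at `os.system` (a stand-in for a real gadget chain) is refused before anything runs; the `cache_handle` field is dropped on the way out, which is what Java's `transient` achieves; and `Credential` raises on any serialization attempt, the nearest pickle analogue of a readObject() that throws.

```python
"""Added example, not taken from the CWE entry or any vendor advisory on this page:
Python pickle analogues of three mitigations above, namely an allowlist of the only
types the deserializer may resolve, a field that is dropped on serialization (the
counterpart of Java's transient), and a type that refuses to be serialized at all
(the counterpart of a readObject() that throws). Report, Credential, Gadget and the
sample values are constructed for this demo."""
import io
import os
import pickle
from dataclasses import dataclass, field


@dataclass
class Report:
    """Plain data type that is allowed to cross the trust boundary."""
    title: str
    pages: int
    # Per-process handle that must never be carried over in serialized form.
    cache_handle: object = field(default=None, compare=False)

    def __getstate__(self):
        # Strip the transient field before pickling; it is restored as None, the same
        # effect Java's transient keyword has (field reset to its default value).
        state = self.__dict__.copy()
        state["cache_handle"] = None
        return state


class Credential:
    """Must never be serialized: every pickling attempt fails loudly."""

    def __init__(self, secret: str):
        self._secret = secret

    def __reduce_ex__(self, protocol):
        raise TypeError("Credential is not serializable")


class Gadget:
    """Stand-in for a gadget: its reduce hook tells the unpickler to call os.system.
    Building the bytes runs nothing; a plain pickle.loads() on them would."""

    def __reduce__(self):
        return (os.system, ("true",))


# The only (module, name) globals the unpickler may resolve. Everything else,
# including os.system, builtins.getattr and copyreg helpers, is refused.
ALLOWED_GLOBALS = {(Report.__module__, "Report")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")


def load_restricted(data: bytes):
    """Deserialize with the allowlist in force; anything else raises UnpicklingError."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unpickler_rejects(data: bytes) -> bool:
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


def pickling_refused(obj) -> bool:
    try:
        pickle.dumps(obj)
    except TypeError:
        return True
    return False


def demo():
    """Returns (restored title, pages, transient field, gadget rejected, credential refused)."""
    good = pickle.dumps(Report("Q3 audit", 12, cache_handle=object()))
    evil = pickle.dumps(Gadget())
    restored = load_restricted(good)
    return (restored.title, restored.pages, restored.cache_handle,
            unpickler_rejects(evil), pickling_refused(Credential("hunter2")))


if __name__ == "__main__":
    print(demo())
```

The allowlist is only as strong as the types on it: any allowlisted class still gets its own reconstruction hooks run during loading, so it should contain plain data types only, never anything whose state restoration performs work. That is the practical form of the caveat in the mitigation text that allowlisting alone is not sufficient.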
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Encrypt or sign the serialized data or code for protection. Note, however, that when the keys and the checks live on the client this is still client-side security: if the client is compromised, the cryptographic protection implemented there can be bypassed.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.