CVE-2021-30642

Description:
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior to 7.2.7, 8.1 prior to 8.1.3-NSR3, and 8.2 prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.

CWE: CWE-78

CVSS score
CVSS 2: HIGH – 10 (Version: 2.0)
CVSS 3: CRITICAL – 9.8 (Version: 3.1)

Links:

NVD – CVE-2021-30642
CVE – CVE-2021-30642

Link (max. 20) Source Tags
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969 MISC Third Party Advisory Vendor Advisory VDB Entry
https://www.ibm.com/support/pages/node/6447107 CONFIRM Patch Vendor Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-491/ MISC Third Party Advisory VDB Entry Vendor Advisory
[oss-security] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Patch Third Party Advisory
[ofbiz-dev] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 MLIST Mailing List Patch Vendor Advisory
[announce] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[announce] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz MLIST Mailing List Mitigation Vendor Advisory

Source: NVD – CVE-2021-30642
Published: 2021-04-27T15:15Z, Last modified: 2021-05-07T16:21Z