CVE-2021-40865

Published: 25/10/2021 Updated: 28/10/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.

Vulnerable Products

apache storm

Mailing Lists

Severity: high Description: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade ...

Github Repositories

CVE-2021-40865 POC/exploit-poc

import org.apache.commons.io.IOUtils; import org.apache.storm.serialization.KryoValuesSerializer; import ysoserial.payloads.ObjectPayload; import ysoserial.payloads.URLDNS; import java.io.*; import java.math.BigInteger; import java.net.*; import java.util.HashMap; public class NettyExploit { /** * Encoded as -600 sho