← volver
CVE-2021-40865

Unsafe Pre-Authentication Deserialization In Workers

EPSS 65.6%CWE-502
Vexday Risk Score
15Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 65.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 oct 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
Productos afectados
Apache Software Foundation · Apache Storm

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3Ehttps://seclists.org/oss-sec/2021/q4/45