Lucene search

CVE-2021-21307

🗓️ 11 Feb 2021 19:13:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 131 Views

Lucee Server unauthenticated remote code exploit fix in versions 5.3.7.47, 5.3.6.68, or 5.3.5.9

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
OSV	CVE-2021-21307	11 Feb 202119:15	–	osv
Metasploit	Lucee Administrator imgProcess.cfm Arbitrary File Write	16 Aug 202115:09	–	metasploit
OpenVAS	Lucee < 5.3.5.96, 5.3.6.x < 5.3.6.68, 5.3.7.x < 5.3.7.47 RCE Vulnerability (GHSA-2xvv-723c-8p7r) - Version Check	11 Jun 202100:00	–	openvas
OpenVAS	Lucee < 5.3.5.96, 5.3.6.x < 5.3.6.68, 5.3.7.x < 5.3.7.47 RCE Vulnerability (GHSA-2xvv-723c-8p7r) - Active Check	11 Jun 202100:00	–	openvas
AttackerKB	CVE-2021-21307	11 Feb 202100:00	–	attackerkb
0day.today	Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit	18 Aug 202100:00	–	zdt
Cvelist	CVE-2021-21307 Remote Code Exploit in Lucee Admin	11 Feb 202118:20	–	cvelist
Prion	Code injection	11 Feb 202119:15	–	prion
seebug.org	Lucee Server 未授权RCE漏洞（CVE-2021-21307）	8 Jun 202100:00	–	seebug
NVD	CVE-2021-21307	11 Feb 202119:15	–	nvd

Nvd

Vulners

Node

lucee lucee_serverRange5.3.5.00–5.3.5.96

lucee lucee_serverRange5.3.6.00–5.3.6.68

lucee lucee_serverRange5.3.7.00–5.3.7.47

[
  {
    "product": "Lucee",
    "vendor": "lucee",
    "versions": [
      {
        "status": "affected",
        "version": ">= 5.3.5.0, < 5.3.5.96"
      },
      {
        "status": "affected",
        "version": ">= 5.3.6.0, < 5.3.6.68"
      },
      {
        "status": "affected",
        "version": ">= 5.3.7.0, < 5.3.7.47"
      }
    ]
  }
]

Source	Link
github	www.github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
github	www.github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca
dev	www.dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643
portswigger	www.portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal
packetstormsecurity	www.packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html
ciacfug	www.ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response
github	www.github.com/httpvoid/writeups/blob/main/Apple-RCE.md

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Feb 2021 19:15Current

9High risk

Vulners AI Score9

CVSS27.5

CVSS38.6 - 9.8

EPSS0.92969