
CVE-2021-23262 Snakeyaml deserialization vulnerability bypass

Published: 2021-12-02 15:40:57
CWE: CWE-913
CNA: crafter
Source: www.cve.org
Tags: cve-2021-23262, snakeyaml, deserialization, vulnerability, rce, administrators, yaml, configuration, java class

CVSS3 base score: 4.2

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 42.8%

Authenticated administrators may modify the main YAML configuration file and load a Java class, resulting in RCE.

CNA Affected

[
  {
    "product": "Crafter CMS",
    "vendor": "Crafter Software",
    "versions": [
      {
        "lessThan": "3.1.13",
        "status": "affected",
        "version": "3.1",
        "versionType": "custom"
      }
    ]
  }
]
