Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Remote Code Execution (RCE) vulnerability through the XStream open-source library tagged as CVE-2021-39144 in the VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise workloads in private or public environments.

prion 1

cisa_kev 1

nuclei 1

veracode 1

githubexploit 2

zdt 1

github 1

rapid7blog 2

osv 5

cnvd 1

attackerkb 1

packetstorm 1

srcincite 1

checkpoint_advisories 1

cve 1

redhatcve 1

redhat 8

ubuntucve 1

metasploit 1

debiancve 1

wallarmlab 3

thn 2

nessus 11

vmware 2

ibm 10

debian 4

openvas 10

amazon 1

ubuntu 1

suse 2

mageia 1

oraclelinux 1

fedora 3

oracle 3

prion

Command injection

2021-08-23 18:15:00

cisa_kev

XStream Remote Code Execution Vulnerability

2023-03-10 00:00:00

nuclei

XStream 1.4.18 - Remote Code Execution

2023-03-12 03:38:05

veracode

Remote Code Execution (RCE)

2021-08-24 06:32:47

githubexploit

Exploit for Deserialization of Untrusted Data in Xstream Project Xstream

2022-10-31 10:27:35

Exploit for Unrestricted Upload of File with Dangerous Type in Xstream Project Xstream

2021-08-24 06:15:20

zdt

VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit

2022-11-16 00:00:00

github

XStream is vulnerable to a Remote Command Execution attack

2021-08-25 14:48:19

rapid7blog

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

2022-10-27 15:22:09

Metasploit Weekly Wrap-Up

2022-11-18 21:49:52

osv

CVE-2021-39144

2021-08-23 18:15:12

XStream is vulnerable to a Remote Command Execution attack

2021-08-25 14:48:19

libxstream-java vulnerabilities

2023-03-13 10:57:59

cnvd

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67827)

2021-08-23 00:00:00

attackerkb

CVE-2021-39144

2021-08-23 00:00:00

packetstorm

VMware NSX Manager XStream Unauthenticated Remote Code Execution

2022-11-15 00:00:00

srcincite

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

2022-08-03 00:00:00

checkpoint_advisories

XStream Command Injection (CVE-2021-39144)

2022-11-13 00:00:00

cve

CVE-2021-39144

2021-08-23 18:15:00

redhatcve

CVE-2021-39144

2021-08-25 19:08:00

redhat

(RHSA-2023:1303) Important: Red Hat Data Grid 7.3.10 security update

2023-03-17 16:39:43

(RHSA-2023:3892) Important: Red Hat Single Sign-On 7.6.4 security update

2023-06-27 18:52:26

(RHSA-2021:3956) Important: xstream security update

2021-10-25 06:30:03

ubuntucve

CVE-2021-39144

2021-08-23 00:00:00

metasploit

VMware NSX Manager XStream unauthenticated RCE

2022-11-04 13:31:27

debiancve

CVE-2021-39144

2021-08-23 18:15:00

wallarmlab

VMware NSX Manager vulnerabilities being actively exploited in the wild

2023-03-06 18:07:06

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

2023-04-06 14:27:28

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

2023-03-09 13:10:48

thn

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

2022-10-26 04:24:00

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

2023-03-08 06:30:00

nessus

VMware NSX for vSphere (NSX-v) < 6.4.14 Multiple Vulnerabilities (VMSA-2022-0027)

2022-10-28 00:00:00

RHEL 7 : xstream (RHSA-2021:3956)

2021-10-26 00:00:00

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : XStream vulnerabilities (USN-5946-1)

2023-03-13 00:00:00

vmware

VMware Cloud Foundation updates address multiple vulnerabilities.

2022-10-25 00:00:00

VMware Cloud Foundation updates address multiple vulnerabilities.

2022-10-25 00:00:00

ibm

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to multiple vulnerabilities due to Xstream

2022-05-13 14:58:22

Security Bulletin: Due to use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to arbitrary code execution attack

2023-01-24 14:30:09

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

2021-10-01 06:19:43

debian

[SECURITY] [DLA 2769-1] libxstream-java security update

2021-09-29 23:28:17

[SECURITY] [DSA 5004-1] libxstream-java security update

2021-11-10 20:29:25

[SECURITY] [DSA 5004-1] libxstream-java security update

2021-11-10 20:29:25

openvas

SUSE: Security Advisory (SUSE-SU-2021:3476-1)

2021-10-21 00:00:00

Mageia: Security Advisory (MGASA-2021-0474)

2022-01-28 00:00:00

Ubuntu: Security Advisory (USN-5946-1)

2023-03-13 00:00:00

amazon

Important: xstream

2021-12-08 16:28:00

ubuntu

XStream vulnerabilities

2023-03-13 00:00:00

suse

Security update for xstream (important)

2021-10-31 00:00:00

Security update for xstream (important)

2021-10-20 00:00:00

mageia

Updated xstream/xmlpull/mxparser packages fix security vulnerability

2021-10-13 22:39:52

oraclelinux

xstream security update

2021-10-25 00:00:00

fedora

[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33

2021-10-12 23:47:14

[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34

2021-10-12 23:45:05

[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35

2021-10-29 23:18:39

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

Related for HIVEPRO:8D1D94F11C7163E6C0DF10B434A7BBDD