9 matches found
Apache Storm 1.x < 1.2.4 / 2.1.x < 2.1.1 / 2.2.x < 2.2.1 Multiple Vulnerabilities
The version of Apache Storm running on the remote host is affected by multiple vulnerabilities, as follows: - An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. CVE-2021-40865 - A Command Injecti...
K44104514: Apache Storm vulnerability CVE-2021-40865
Security Advisory Description An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to...
Security Bulletin: Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbitrary code execution ( CVE-2021-38294, CVE-2021-40865 )
Summary Apache Storm is used by IBM Tivoli Network Manager ITNM within Pollar and Reporting. Apache Storm has been upgraded to 2.2.1 Vulnerability Details CVEID: CVE-2021-38294 DESCRIPTION: Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command...
Apache Storm Remote Code Execution (CVE-2021-40865)
A remote code execution vulnerability exists in Apache Storm. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-40865
creationtimestamp| type| source
---|---|---
2021-11-26 10:14:55+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/890
2021-11-26 12:34:01+00:00| published-proof-of-concept| https://t.me/BlueRedTeam/1237
2021-11-28 11:06:30+00:00| published-proof-of-concept| https://t.me/BlueRedTeam/12...
Exploit for Deserialization of Untrusted Data in Apache Storm
CVE-2021-40865 CVE-2021-40865 POC/exploit-poc java impo...
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x...
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x...
CVE-2021-40865
CVE-2021-40865 affects Apache Storm: Unsafe Deserialization in the worker services of the Storm supervisor server enables pre-auth remote code execution. Vulnerable lines include Storm 2.2.x (upgrade to 2.2.1 or 2.3.0), 2.1.x (upgrade to 2.1.1), and 1.x (upgrade to 1.2.4). Other connected advisor...