
9 matches found

Tenable Nessus
added 2023/09/26 12:0 a.m. | 22 views

Apache Storm 1.x < 1.2.4 / 2.1.x < 2.1.1 / 2.2.x < 2.2.1 Multiple Vulnerabilities

The version of Apache Storm running on the remote host is affected by multiple vulnerabilities, as follows:
- An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). (CVE-2021-40865)
- A Command Injecti...

9.8 CVSS | 8.5 AI score | 0.84489 EPSS
Exploits: 5 | References: 4
F5 Networks
added 2023/02/21 8:0 p.m. | 55 views

K44104514: Apache Storm vulnerability CVE-2021-40865

Security Advisory Description: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to...

9.8 CVSS | 9.5 AI score | 0.65587 EPSS
Exploits: 1
IBM Security Bulletins
added 2022/04/14 2:33 p.m. | 26 views

Security Bulletin: Due to use of Apache Storm, IBM Tivoli Network Manager is vulnerable to arbitrary code execution (CVE-2021-38294, CVE-2021-40865)

Summary: Apache Storm is used by IBM Tivoli Network Manager (ITNM) within Pollar and Reporting. Apache Storm has been upgraded to 2.2.1. Vulnerability Details: CVEID: CVE-2021-38294 DESCRIPTION: Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command...

9.8 CVSS | 1.1 AI score | 0.84489 EPSS
Exploits: 5 | Affected Software: 1
Check Point Advisories
added 2022/02/28 12:0 a.m. | 10 views

Apache Storm Remote Code Execution (CVE-2021-40865)

A remote code execution vulnerability exists in Apache Storm. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS | 5.6 AI score | 0.65587 EPSS
Exploits: 1
Circl
added 2021/11/26 10:14 a.m. | 6 views

CVE-2021-40865

creationtimestamp | type | source
---|---|---
2021-11-26 10:14:55+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/890
2021-11-26 12:34:01+00:00 | published-proof-of-concept | https://t.me/BlueRedTeam/1237
2021-11-28 11:06:30+00:00 | published-proof-of-concept | https://t.me/BlueRedTeam/12...

9.8 CVSS | 8.7 AI score | 0.65587 EPSS
Exploits: 1 | References: 4
GithubExploit
added 2021/11/26 10:9 a.m. | 657 views

Exploit for Deserialization of Untrusted Data in Apache Storm

CVE-2021-40865 CVE-2021-40865 POC/exploit-poc java impo...

9.8 CVSS | 9.8 AI score | 0.65587 EPSS
Exploits: 1
NVD
added 2021/10/25 1:15 p.m. | 15 views

CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x...

9.8 CVSS | 0.65587 EPSS
Exploits: 1 | References: 2
OSV
added 2021/10/25 1:15 p.m. | 25 views

CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x...

9.8 CVSS | 9.7 AI score
Exploits: 0 | References: 2
CVE
added 2021/10/25 12:22 p.m. | 108 views

CVE-2021-40865

CVE-2021-40865 affects Apache Storm: Unsafe Deserialization in the worker services of the Storm supervisor server enables pre-auth remote code execution. Vulnerable lines include Storm 2.2.x (upgrade to 2.2.1 or 2.3.0), 2.1.x (upgrade to 2.1.1), and 1.x (upgrade to 1.2.4). Other connected advisor...

9.8 CVSS | 9.6 AI score | 0.65587 EPSS
Exploits: 1 | References: 2 | Affected Software: 1