Lucene search
+L

9 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.23 views

Apache Storm 1.x < 1.2.4 / 2.1.x < 2.1.1 / 2.2.x < 2.2.1 Multiple Vulnerabilities

The version of Apache Storm running on the remote host is affected by multiple vulnerabilities, as follows: - An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. CVE-2021-40865 - A Command Injecti...

9.8CVSS8.5AI score0.84489EPSS
Exploits5References4
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.32 views

K44873550: Apache Storm vulnerability CVE-2021-38294

Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

9.8CVSS9.5AI score0.84489EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/14 2:33 p.m.26 views

Security Bulletin: Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution ( CVE-2021-38294, CVE-2021-40865 )

Summary Apache Storm is used by IBM Tivoli Network Manager ITNM within Pollar and Reporting. Apache Strom has been upgraded to 2.2.1 Vulnerability Details CVEID: CVE-2021-38294 DESCRIPTION: Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command...

9.8CVSS1.1AI score0.84489EPSS
Exploits5Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/11/26 5:21 p.m.110 views

Metasploit Wrap-Up

Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API...

7.5CVSS10.7AI score0.9896EPSS
Exploits12
Packet Storm
Packet Storm
added 2021/11/19 12:0 a.m.581 views

Apache Storm Nimbus 2.2.0 Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution', 'Description' = %q...

7.5CVSS9.2AI score0.84489EPSS
Exploits4
Circl
Circl
added 2021/11/18 11:24 p.m.15 views

CVE-2021-38294

creationtimestamp| type| source ---|---|--- 2021-11-18 23:24:22+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/nimbusgettopologyhistorycmdexec.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

9.8CVSS9.3AI score0.84489EPSS
Exploits4References1
NVD
NVD
added 2021/10/25 1:15 p.m.18 views

CVE-2021-38294

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

9.8CVSS0.84489EPSS
Exploits4References3
Cvelist
Cvelist
added 2021/10/25 12:22 p.m.50 views

CVE-2021-38294 Shell Command Injection Vulnerability in Nimbus Thrift Server

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

10AI score0.84489EPSS
Exploits4References3
CVE
CVE
added 2021/10/25 12:22 p.m.136 views

CVE-2021-38294

CVE-2021-38294 affects Apache Storm 2.x (&lt;2.2.1) and 1.x (

9.8CVSS9.8AI score0.84489EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder