9 matches found
Apache Storm 1.x < 1.2.4 / 2.1.x < 2.1.1 / 2.2.x < 2.2.1 Multiple Vulnerabilities
The version of Apache Storm running on the remote host is affected by multiple vulnerabilities, as follows: - An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. CVE-2021-40865 - A Command Injecti...
K44873550: Apache Storm vulnerability CVE-2021-38294
Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
Security Bulletin: Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution ( CVE-2021-38294, CVE-2021-40865 )
Summary Apache Storm is used by IBM Tivoli Network Manager ITNM within Pollar and Reporting. Apache Strom has been upgraded to 2.2.1 Vulnerability Details CVEID: CVE-2021-38294 DESCRIPTION: Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command...
Metasploit Wrap-Up
Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API...
Apache Storm Nimbus 2.2.0 Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution', 'Description' = %q...
CVE-2021-38294
creationtimestamp| type| source ---|---|--- 2021-11-18 23:24:22+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/nimbusgettopologyhistorycmdexec.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
CVE-2021-38294 Shell Command Injection Vulnerability in Nimbus Thrift Server
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
CVE-2021-38294
CVE-2021-38294 affects Apache Storm 2.x (<2.2.1) and 1.x (