A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream.

References

bugzilla.redhat.com/show_bug.cgi?id=1997772

github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh

nvd.nist.gov/vuln/detail/CVE-2021-39144

www.cve.org/CVERecord?id=CVE-2021-39144

prion 1

nuclei 1

cisa_kev 1

veracode 1

github 1

githubexploit 2

zdt 1

hivepro 1

osv 2

cvelist 1

rapid7blog 2

attackerkb 1

srcincite 1

cnvd 1

packetstorm 1

checkpoint_advisories 1

ubuntucve 1

redhat 8

debiancve 1

cve 1

metasploit 1

thn 2

wallarmlab 3

nessus 9

vmware 2

ibm 10

amazon 1

openvas 10

mageia 1

oraclelinux 1

fedora 3

oracle 3

prion

Command injection

2021-08-23 18:15:00

nuclei

XStream 1.4.18 - Remote Code Execution

2023-03-12 03:38:05

cisa_kev

XStream Remote Code Execution Vulnerability

2023-03-10 00:00:00

veracode

Remote Code Execution (RCE)

2021-08-24 06:32:47

github

XStream is vulnerable to a Remote Command Execution attack

2021-08-25 14:48:19

githubexploit

Exploit for Deserialization of Untrusted Data in Xstream Project Xstream

2022-10-31 10:27:35

Exploit for Unrestricted Upload of File with Dangerous Type in Xstream Project Xstream

2021-08-24 06:15:20

zdt

VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit

2022-11-16 00:00:00

hivepro

VMware Cloud Foundation has a significant RCE flaw

2022-10-28 07:27:55

osv

CVE-2021-39144

2021-08-23 18:15:12

XStream is vulnerable to a Remote Command Execution attack

2021-08-25 14:48:19

cvelist

CVE-2021-39144 XStream is vulnerable to a Remote Command Execution attack

2021-08-23 00:00:00

rapid7blog

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

2022-10-27 15:22:09

Metasploit Weekly Wrap-Up

2022-11-18 21:49:52

attackerkb

CVE-2021-39144

2021-08-23 00:00:00

srcincite

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

2022-08-03 00:00:00

cnvd

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67827)

2021-08-23 00:00:00

packetstorm

VMware NSX Manager XStream Unauthenticated Remote Code Execution

2022-11-15 00:00:00

checkpoint_advisories

XStream Command Injection (CVE-2021-39144)

2022-11-13 00:00:00

ubuntucve

CVE-2021-39144

2021-08-23 00:00:00

redhat

(RHSA-2023:1303) Important: Red Hat Data Grid 7.3.10 security update

2023-03-17 16:39:43

(RHSA-2023:3892) Important: Red Hat Single Sign-On 7.6.4 security update

2023-06-27 18:52:26

(RHSA-2021:3956) Important: xstream security update

2021-10-25 06:30:03

debiancve

CVE-2021-39144

2021-08-23 18:15:00

cve

CVE-2021-39144

2021-08-23 18:15:00

metasploit

VMware NSX Manager XStream unauthenticated RCE

2022-11-04 13:31:27

thn

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

2022-10-26 04:24:00

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

2023-03-08 06:30:00

wallarmlab

VMware NSX Manager vulnerabilities being actively exploited in the wild

2023-03-06 18:07:06

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

2023-04-06 14:27:28

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

2023-03-09 13:10:48

nessus

VMware NSX for vSphere (NSX-v) < 6.4.14 Multiple Vulnerabilities (VMSA-2022-0027)

2022-10-28 00:00:00

RHEL 7 : xstream (RHSA-2021:3956)

2021-10-26 00:00:00

Amazon Linux 2 : xstream (ALAS-2021-1729)

2021-12-10 00:00:00

vmware

VMware Cloud Foundation updates address multiple vulnerabilities.

2022-10-25 00:00:00

VMware Cloud Foundation updates address multiple vulnerabilities.

2022-10-25 00:00:00

ibm

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to multiple vulnerabilities due to Xstream

2022-05-13 14:58:22

Security Bulletin: Due to use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to arbitrary code execution attack

2023-01-24 14:30:09

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

2021-10-01 06:19:43

amazon

Important: xstream

2021-12-08 16:28:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:3476-1)

2021-10-21 00:00:00

Mageia: Security Advisory (MGASA-2021-0474)

2022-01-28 00:00:00

Ubuntu: Security Advisory (USN-5946-1)

2023-03-13 00:00:00

mageia

Updated xstream/xmlpull/mxparser packages fix security vulnerability

2021-10-13 22:39:52

oraclelinux

xstream security update

2021-10-25 00:00:00

fedora

[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33

2021-10-12 23:47:14

[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34

2021-10-12 23:45:05

[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35

2021-10-29 23:18:39

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.972 High

EPSS

Percentile

99.8%

JSON

Related for RH:CVE-2021-39144