CVE-2021-20318 — Vulnetix

CVE-2021-20318 PUBLISHED CVSS 7.199999809265137 HIGH

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

EPSS 2.13% · 84.5th percentile

Risk Scores

CVSS 3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.13%

84.5th percentile

Affected Products

Vendor	Product	Versions
n/a	Artemis in EAP 7	7.3.9.GA, 7.4.0.GA
redhat	jboss_enterprise_application_platform	7.4.0, 7.3.9

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2010559 (circl)

Timeline

Dec 23, 2021 CVE Published
Dec 24, 2021 EPSS Score
Feb 16, 2022 EPSS Score
Apr 11, 2022 EPSS Score
Jun 4, 2022 EPSS Score
Jul 29, 2022 EPSS Score
Nov 14, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 25, 2023 EPSS Score
Jun 18, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=2010559 url
https://nvd.nist.gov/vuln/detail/CVE-2021-20318 advisory

Open in Interactive Console →