Lucene search

GitHub_MCVELIST:CVE-2021-39181

HistorySep 01, 2021 - 7:45 p.m.

CVE-2021-39181 Unsafe Deserialization of User Data Using XStream

2021-09-0119:45:11

CWE-91

GitHub_M

www.cve.org

openolat

learning management system

unsafe deserialization

user data

xstream

java classpath

arbitrary code

authoring role

upgrade

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.4%

JSON

OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading.

CNA Affected

[
  {
    "product": "OpenOLAT",
    "vendor": "OpenOLAT",
    "versions": [
      {
        "status": "affected",
        "version": "< 15.3.18"
      },
      {
        "status": "affected",
        "version": ">= 15.4.0, < 15.5.3"
      }
    ]
  }
]

References

github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684

github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w

jira.openolat.org/browse/OO-5548

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.4%

JSON

Related for CVELIST:CVE-2021-39181