CVE-2021-39144 - XStream Remote Code Execution Vulnerability
Project: XStream
Product: XStream
Date Added: 2023-03-10
Due Date: 2023-03-31
Vulnerability Name
XStream Remote Code Execution Vulnerability
Description
XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://x-stream.github.io/CVE-2021-39144.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39144