
CVE-2021-39144 - XStream Remote Code Execution Vulnerability

XStream | XStream

  • Date Added: 2023-03-10
  • Due Date: 2023-03-31
Vulnerability Name

XStream Remote Code Execution Vulnerability

Description

XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://www.vmware.com/security/advisories/VMSA-2022-0027.html; https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144
