CVE-2021-21479

Critical

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity…

sap·CWE-74·Published 2021-02-09

CVSS

9.1

EPSS

0.09

KEV

Exploits

cve.orgen

153 chars

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

NVDen

153 chars

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

### Impact It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. ### Patches The issue was fixed on [0.0.19 version](https://mvnrepository.com/artifact/com.sap.scimono/scimono-server/0.0.19)

GHSAen

267 chars

NVDes

166 chars

En SCIMono versiones anteriores a 0.0.19, es posible para un atacante inyectar y ejecutar una expresión java comprometiendo la disponibilidad e integridad del sistema

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
3.0	Primary	cve.org	8.1	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
3.0	Primary	cve.org	8.1	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
3.0	Secondary	NVD	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H