CVE-2021-20318
HIGH WAF: Medium
CVSS 7.2
Published: 2021-12-23
CWE-502
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 7.3.9 |
| redhat | jboss_enterprise_application_platform | 7.4.0 |
References
- bugzilla.redhat.com (Issue Tracking, Vendor Advisory)