Description
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that deserializes arbitrary Java objects, e.g., via the setSessionVariable method. An attacker can abuse this for remote code execution because the application's dependencies include classes with exploitable gadget chains.
Remediation
References
https://www.exploit-db.com/exploits/50170