CVE-2021-34371

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-34371

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34371.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-34371

Aliases

Withdrawn

2024-05-15T05:33:59.028331Z

Published

2021-08-05T20:15:09Z

Modified

2023-12-06T01:01:17.295219Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

References

https://www.exploit-db.com/exploits/50170

Affected packages

Git / github.com/neo4j/neo4j

Affected ranges

Type: GIT
Repo: https://github.com/neo4j/neo4j
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3fdd79db53ed030e569130c5fa17eaade1f0c85b

Affected versions

1.*

1.3

1.4

1.4.1

1.4.2

1.4.M01

1.4.M02

1.4.M03

1.4.M04

1.4.M05

1.4.M06

1.5

1.5.1

1.5.1.RC1

1.5.1.RC2

1.5.1.RC3

1.5.1.RC4

1.5.1.RC5

1.5.1.RC6

1.5.2

1.5.3

1.5.3.RC1

1.5.3.RC2

1.5.3.RC3

1.5.3.RC4

1.5.M01

1.5.M02

1.6

1.6.1

1.6.1.RC1

1.6.1.RC2

1.6.2

1.6.2.RC1

1.6.2.RC2

1.6.3

1.6.M01

1.6.M02

1.6.M03

1.7

1.7.1

1.7.2

1.7.M01

1.7.M02

1.7.M03

1.8

1.8.M01

1.8.M02

1.8.M03

1.8.M04

1.8.M05

1.8.M06

1.8.M07

1.8.M07ENG1

1.9

1.9.3

1.9.4

1.9.9

1.9.M01

1.9.M01ENG1

1.9.M02

1.9.M02ENG3

1.9.RC2

2.*

2.0.0-M04

2.0.0-M05

2.0.1

2.0.2-ENG03

2.0.3

2.0.4-20140514-PREVIEW1

2.0.4-20140520

2.0.5

2.1.1

2.1.4

2.1.5

2.1.5-ENG01

2.1.6

2.1.7

2.1.8

2.2.0

2.2.0-ENG01

2.2.0-M01

2.2.0-M03

2.2.0-RC01

2.2.10

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.0-M01

2.3.0-M02

2.3.0-M03

2.3.0-RC1

2.3.1

2.3.10

2.3.11

2.3.12

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

3.*

3.0.0

3.0.0-M01

3.0.0-M02

3.0.0-M03

3.0.0-M04

3.0.0-M05

3.0.0-RC1

3.0.1

3.0.10

3.0.11

3.0.12

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.6-ENG01

3.0.7

3.0.8

3.0.9

3.1.0

3.1.0-BETA1

3.1.0-M01

3.1.0-M02

3.1.0-M03

3.1.0-M04

3.1.0-M05

3.1.0-M06

3.1.0-M07

3.1.0-M08

3.1.0-M09

3.1.0-M10

3.1.0-M12-beta2

3.1.0-M13-beta3

3.1.0-RC1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.0-alpha01

3.2.0-alpha02

3.2.0-alpha03

3.2.0-alpha04

3.2.0-alpha05

3.2.0-alpha06

3.2.0-alpha07

3.2.0-alpha08

3.2.0-rc1

3.2.0-rc2

3.2.0-rc3

3.2.1

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.3.0

3.3.0-alpha01

3.3.0-alpha02

3.3.0-alpha03

3.3.0-alpha04

3.3.0-alpha05

3.3.0-alpha06

3.3.0-alpha07

3.3.0-beta01

3.3.0-beta02

3.3.0-rc1

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.4.0

3.4.0-alpha01

3.4.0-alpha02

3.4.0-alpha03

3.4.0-alpha04

3.4.0-alpha05

3.4.0-alpha06

3.4.0-alpha07

3.4.0-alpha08

3.4.0-alpha09

3.4.0-alpha10

3.4.0-beta01

3.4.0-beta02

3.4.0-rc01

3.4.0-rc02

3.4.1

3.4.10

3.4.11

3.4.12

3.4.13

3.4.14

3.4.15

3.4.16

3.4.17

3.4.18

3.4.2

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

browser-0.*

browser-0.1.24