CVE-2021-39181

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39181
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39181.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39181
Related
  • GHSA-596v-3gwh-2m9w
Published
2021-09-01T20:15:07Z
Modified
2025-01-15T02:02:42.519600Z
Summary
[none]
Details

OpenOlat is a web-based learning management system (LMS). Prior to versions 15.3.18, 15.5.3, and 16.0.0, a prepared import XML file (e.g. a course) can be used to instantiate any class on the Java classpath, including Spring AOP bean factories. An attacker can use this to execute arbitrary code. The attack requires an OpenOlat user account with the authoring role; it cannot be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/openolat/openolat

Affected ranges

Type
GIT
Repo
https://github.com/openolat/openolat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

OLAT-7.*

OLAT-7.1.0

OpenOLAT_10.*

OpenOLAT_10.0.0
OpenOLAT_10.0.1
OpenOLAT_10.0.2
OpenOLAT_10.0.3
OpenOLAT_10.0.4
OpenOLAT_10.0.5
OpenOLAT_10.0.6
OpenOLAT_10.0.7
OpenOLAT_10.0.8
OpenOLAT_10.0.9
OpenOLAT_10.1.0
OpenOLAT_10.1.1
OpenOLAT_10.1.2
OpenOLAT_10.1.3
OpenOLAT_10.2.0
OpenOLAT_10.2.1
OpenOLAT_10.2.2
OpenOLAT_10.2.3
OpenOLAT_10.2.4
OpenOLAT_10.2.5
OpenOLAT_10.3.0
OpenOLAT_10.3.1
OpenOLAT_10.3.2
OpenOLAT_10.3.3
OpenOLAT_10.3.4
OpenOLAT_10.3.5
OpenOLAT_10.3.6
OpenOLAT_10.3.7
OpenOLAT_10.3.8
OpenOLAT_10.4.0
OpenOLAT_10.4.1
OpenOLAT_10.4.10
OpenOLAT_10.4.11
OpenOLAT_10.4.2
OpenOLAT_10.4.3
OpenOLAT_10.4.4
OpenOLAT_10.4.5
OpenOLAT_10.4.6
OpenOLAT_10.4.7
OpenOLAT_10.4.8
OpenOLAT_10.4.9
OpenOLAT_10.5.0
OpenOLAT_10.5.1
OpenOLAT_10.5.2
OpenOLAT_10.5.3
OpenOLAT_10.5.4
OpenOLAT_10.5.5
OpenOLAT_10.5.6
OpenOLAT_10.5.7
OpenOLAT_10.5.8
OpenOLAT_10.5.9

OpenOLAT_11.*

OpenOLAT_11.0.10
OpenOLAT_11.0.2
OpenOLAT_11.0.3
OpenOLAT_11.0.4
OpenOLAT_11.0.5
OpenOLAT_11.0.6
OpenOLAT_11.0.7
OpenOLAT_11.0.8
OpenOLAT_11.0.9
OpenOLAT_11.0_0
OpenOLAT_11.0_1
OpenOLAT_11.1.0
OpenOLAT_11.1.1
OpenOLAT_11.1.2
OpenOLAT_11.2.0
OpenOLAT_11.2.1
OpenOLAT_11.2.2
OpenOLAT_11.2.3
OpenOLAT_11.2.4
OpenOLAT_11.3.0
OpenOLAT_11.3.1
OpenOLAT_11.3.2
OpenOLAT_11.3.3
OpenOLAT_11.4.0
OpenOLAT_11.4.1
OpenOLAT_11.4.2
OpenOLAT_11.4.3
OpenOLAT_11.5.0
OpenOLAT_11.5.1
OpenOLAT_11.5.2
OpenOLAT_11.5.3
OpenOLAT_11.5.4
OpenOLAT_11.5.5

OpenOLAT_12.*

OpenOLAT_12.0.0
OpenOLAT_12.0.1
OpenOLAT_12.0.2
OpenOLAT_12.1.0
OpenOLAT_12.1.1
OpenOLAT_12.1.2
OpenOLAT_12.1.3
OpenOLAT_12.1.4
OpenOLAT_12.1.5
OpenOLAT_12.2.0
OpenOLAT_12.2.1
OpenOLAT_12.2.2
OpenOLAT_12.2.3
OpenOLAT_12.2.4
OpenOLAT_12.2.5
OpenOLAT_12.2.6
OpenOLAT_12.2.7
OpenOLAT_12.2.8
OpenOLAT_12.3.0
OpenOLAT_12.3.1
OpenOLAT_12.3.2
OpenOLAT_12.3.3
OpenOLAT_12.4.0
OpenOLAT_12.4.1
OpenOLAT_12.4.2
OpenOLAT_12.4.3a
OpenOLAT_12.5.0
OpenOLAT_12.5.1
OpenOLAT_12.5.10
OpenOLAT_12.5.11
OpenOLAT_12.5.12
OpenOLAT_12.5.13
OpenOLAT_12.5.14
OpenOLAT_12.5.15
OpenOLAT_12.5.16
OpenOLAT_12.5.17
OpenOLAT_12.5.18
OpenOLAT_12.5.19
OpenOLAT_12.5.2
OpenOLAT_12.5.20
OpenOLAT_12.5.21
OpenOLAT_12.5.22
OpenOLAT_12.5.23
OpenOLAT_12.5.24
OpenOLAT_12.5.25
OpenOLAT_12.5.26
OpenOLAT_12.5.3
OpenOLAT_12.5.4
OpenOLAT_12.5.5
OpenOLAT_12.5.6
OpenOLAT_12.5.7
OpenOLAT_12.5.8
OpenOLAT_12.5.9

OpenOLAT_13.*

OpenOLAT_13.0.0
OpenOLAT_13.0.0beta1
OpenOLAT_13.0.0beta3
OpenOLAT_13.0.0beta4
OpenOLAT_13.0.0beta5
OpenOLAT_13.0.0beta6
OpenOLAT_13.0.0beta7
OpenOLAT_13.0.0beta8
OpenOLAT_13.0.0beta9
OpenOLAT_13.0.1
OpenOLAT_13.0.2
OpenOLAT_13.0.3
OpenOLAT_13.1.0
OpenOLAT_13.1.1
OpenOLAT_13.1.2
OpenOLAT_13.2.0
OpenOLAT_13.2.1
OpenOLAT_13.2.2
OpenOLAT_13.2.3
OpenOLAT_13.2.4
OpenOLAT_13.2.5
OpenOLAT_13.2.6
OpenOLAT_13.2.7
OpenOLAT_13.2.8

OpenOLAT_14.*

OpenOLAT_14.0.0
OpenOLAT_14.0.2
OpenOLAT_14.0.3
OpenOLAT_14.0.4
OpenOLAT_14.01
OpenOLAT_14.1.0
OpenOLAT_14.1.1
OpenOLAT_14.1.2
OpenOLAT_14.1.3
OpenOLAT_14.1.4
OpenOLAT_14.1.5
OpenOLAT_14.1.6
OpenOLAT_14.1.7
OpenOLAT_14.2.0
OpenOLAT_14.2.1
OpenOLAT_14.2.10
OpenOLAT_14.2.11
OpenOLAT_14.2.12
OpenOLAT_14.2.13
OpenOLAT_14.2.14
OpenOLAT_14.2.15
OpenOLAT_14.2.16
OpenOLAT_14.2.17
OpenOLAT_14.2.18
OpenOLAT_14.2.2
OpenOLAT_14.2.3
OpenOLAT_14.2.4
OpenOLAT_14.2.5
OpenOLAT_14.2.6
OpenOLAT_14.2.7
OpenOLAT_14.2.8
OpenOLAT_14.2.9

OpenOLAT_15.*

OpenOLAT_15.0.0
OpenOLAT_15.0.1
OpenOLAT_15.0.2
OpenOLAT_15.0.3
OpenOLAT_15.0.4
OpenOLAT_15.0.5
OpenOLAT_15.0.6
OpenOLAT_15.1.0
OpenOLAT_15.1.1
OpenOLAT_15.1.2
OpenOLAT_15.1.3
OpenOLAT_15.1.4
OpenOLAT_15.2.0
OpenOLAT_15.2.1
OpenOLAT_15.2.10
OpenOLAT_15.2.11
OpenOLAT_15.2.12
OpenOLAT_15.2.2
OpenOLAT_15.2.3
OpenOLAT_15.2.4
OpenOLAT_15.2.5
OpenOLAT_15.2.6
OpenOLAT_15.2.7
OpenOLAT_15.2.8
OpenOLAT_15.2.9
OpenOLAT_15.3.0
OpenOLAT_15.3.1
OpenOLAT_15.3.10
OpenOLAT_15.3.11
OpenOLAT_15.3.12
OpenOLAT_15.3.13
OpenOLAT_15.3.14
OpenOLAT_15.3.15
OpenOLAT_15.3.16
OpenOLAT_15.3.17
OpenOLAT_15.3.2
OpenOLAT_15.3.3
OpenOLAT_15.3.4
OpenOLAT_15.3.5
OpenOLAT_15.3.6
OpenOLAT_15.3.7
OpenOLAT_15.3.8
OpenOLAT_15.3.9
OpenOLAT_15.pre.0.a
OpenOLAT_15.pre.1
OpenOLAT_15.pre.2
OpenOLAT_15.pre.3
OpenOLAT_15.pre.4
OpenOLAT_15.pre.5
OpenOLAT_15.pre.6
OpenOLAT_15.pre.7
OpenOLAT_15.pre.8
OpenOLAT_15.pre.9

OpenOLAT_8.*

OpenOLAT_8.0
OpenOLAT_8.0.2
OpenOLAT_8.0.3
OpenOLAT_8.1
OpenOLAT_8.1.1
OpenOLAT_8.1.2
OpenOLAT_8.1.3
OpenOLAT_8.1.4
OpenOLAT_8.2.0
OpenOLAT_8.2.0beta
OpenOLAT_8.2.0beta2
OpenOLAT_8.2.1
OpenOLAT_8.3.0
OpenOLAT_8.3.1
OpenOLAT_8.3.2
OpenOLAT_8.3.3
OpenOLAT_8.3.4
OpenOLAT_8.3.5
OpenOLAT_8.4.0
OpenOLAT_8.4.0beta
OpenOLAT_8.4.1
OpenOLAT_8.4.2
OpenOLAT_8.4.3
OpenOLAT_8.4.4

OpenOLAT_9.*

OpenOLAT_9.0.0
OpenOLAT_9.0.1
OpenOLAT_9.0.2
OpenOLAT_9.0.3
OpenOLAT_9.0.4
OpenOLAT_9.0.5
OpenOLAT_9.0.6
OpenOLAT_9.1.0
OpenOLAT_9.1.1
OpenOLAT_9.1.2
OpenOLAT_9.2.0
OpenOLAT_9.2.1
OpenOLAT_9.3.0
OpenOLAT_9.3.1
OpenOLAT_9.3.2
OpenOLAT_9.3.3
OpenOLAT_9.3.4
OpenOLAT_9.3.5
OpenOLAT_9.4.0
OpenOLAT_9.4.1
OpenOLAT_9.4.2
OpenOLAT_9.4.3
OpenOLAT_9.4.4