← Retour aux CVEs
CVE-2021-20837
CRITICAL9.8
Description
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/26/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
sixapart:movable_type
Faiblesses (CWE)
CWE-78
References
http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html(vultures@jpcert.or.jp)
http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN41119755/index.html(vultures@jpcert.or.jp)
https://movabletype.org/news/2021/10/mt-782-683-released.html(vultures@jpcert.or.jp)
http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN41119755/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://movabletype.org/news/2021/10/mt-782-683-released.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.