CVE-2021-28472
published 2021-04-13

CVE-2021-28472: Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

Priority: P357 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 63.03% (99.1th percentile)
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code_maven_for_java_extension | < publication | publication |
| microsoft | vscode-maven | < 0.29.0 | 0.29.0 |
| msrc | visual_studio_code_maven_for_java_extension | | |

Detection & IOCs

  • No technical exploitation details, PoC, or indicators of compromise are publicly available for this CVE. Microsoft has confirmed it has NOT been publicly disclosed or exploited in the wild, and exploitation is rated 'Less Likely' for all software releases.
  • The affected component is the Visual Studio Code Maven for Java Extension. Remediation is via the extension's release notes/update on the VS Code Marketplace.

CVSS provenance

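| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | | 7.8 | HIGH | |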