CVE-2021-3584
published 2021-12-23


Priority: P3 51
CVSS 3.1 base score: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.89% (88.9th percentile)
A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to the confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Affected (5 ranges)

Vendor       Product    Version range       Fixed in
redhat       satellite
theforeman   foreman    < 2.4.1             2.4.1
theforeman   foreman
theforeman   foreman
theforeman   foreman    >= 2.5.0 < 2.5.1    2.5.1

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.2     HIGH       CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      9.0     CRITICAL   AV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_redhat             7.2     HIGH