CVE-2021-41766 — Deserialization of Untrusted Data in Software Foundation Apache Karaf
Severity
8.1HIGHNVD
EPSS
0.5%
top 34.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 26
Latest updateJan 28
Description
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are …
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9