CVE-2021-21479
CRITICAL EXPLOITED NUCLEI
SAP SCIMono < 0.0.19 - Remote Code Execution via Java Expression Injection
Title source: llm
Exploitation Summary
CVE-2021-21479 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute a Java expression, compromising the availability and integrity of the system.
Nuclei Templates (1)
SCIMono <0.0.19 - Remote Code Execution
CRITICAL by dwisiswant0
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c
Scores
CVSS v3
9.1
EPSS
0.0871
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
VulnCheck KEV
2023-11-30
CWE
CWE-74
Status
published
Products (2)
com.sap.scimono/scimono-server
0 - 0.0.19 Maven
sap/scimono
< 0.0.19
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026