CVE-2021-27198

CRITICAL

VisualWare MyConnection Server < 11.1a - Unauthenticated Remote Code Execution via Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27198. PoCs published by rwincey.

AI-analyzed exploit summary: This PoC exploits CVE-2021-27198, a remote code execution vulnerability in Visualware MyConnection Server. It uploads a malicious JAR file via a cron job on Linux or directly on Windows, then activates the server to trigger execution.

Description

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.

Exploits (1)

nomisec WORKING POC
by rwincey · poc
https://github.com/rwincey/CVE-2021-27198

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Visualware MyConnection Server
Auth required
Prerequisites: Network access to target · Valid credentials (default: admin/admin123) · Target OS type (Windows/Linux)
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Product, Vendor Advisory x_refsource_misc
https://myconnectionserver.visualware.com/download.html
Release Notes, Vendor Advisory x_refsource_misc
https://myconnectionserver.visualware.com/support/newrelease.html
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Feb/81
Third Party Advisory x_refsource_misc
https://www.securifera.com/advisories/cve-2021-27198/

Scores

CVSS v3 9.8
EPSS 0.1362
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): visualware/myconnection_server < 11.1a
Published: Feb 26, 2021
Tracked Since: Feb 18, 2026