CVE-2021-27335

CRITICAL

KollectApps <4.8.16c - RCE

Title source: llm

Description

KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.

References (1)

[Exploit, Third Party Advisory] https://hacked0x90.net/index.php/2021/02/15/kollectapp-insecure-java-deserialization/

Scores

CVSS v3 9.8

EPSS 0.0199

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

kollectapp/kollect < 4.8.16c

Timeline

Published Feb 18, 2021

Tracked Since Feb 18, 2026