CVE-2021-34539

HIGH

Cubecoders Amp < 2.1.1.8 - Exposure to Wrong Actor

Title source: rule

Description

An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.

References (1)

[Third Party Advisory] https://github.com/CubeCoders/AMP/issues/464

Scores

CVSS v3 7.2

EPSS 0.0092

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

cubecoders/amp < 2.1.1.8

Timeline

Published Jun 10, 2021

Tracked Since Feb 18, 2026