CVE-2021-36981
HIGHSernet Verinice < 1.22.2 - Insecure Deserialization
Title source: ruleDescription
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.
Exploits (1)
References (4)
Scores
CVSS v3
8.8
EPSS
0.1650
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (1)
sernet/verinice
< 1.22.2
Timeline
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026