CVE-2021-3584

HIGH Year: 2021
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-78
View all →

Vulnerability Description

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Related Vulnerabilities

CVE-2013-3322

HIGH
CVSS:7.2(High)

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

CWE-782013

CVE-2015-2201

HIGH
CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.

CWE-782015

CVE-2016-11021

HIGH
CVSS:7.2(High)

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.

CWE-782016

CVE-2016-11022

HIGH
CVSS:7.2(High)

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_...

CWE-782016

CVE-2016-11054

HIGH
CVSS:7.2(High)

NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.

CWE-782016

CVE-2016-6373

HIGH
CVSS:7.2(High)

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva005...

CWE-782016