{"containers": {"cna": {"affected": [{"product": "OpenOLAT", "vendor": "OpenOLAT", "versions": [{"status": "affected", "version": "< 15.3.18"}, {"status": "affected", "version": ">= 15.4.0, < 15.5.3"}]}], "descriptions": [{"lang": "en", "value": "OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-91", "description": "CWE-91: XML Injection (aka Blind XPath Injection)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-01T19:45:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.openolat.org/browse/OO-5548"}], "source": {"advisory": "GHSA-596v-3gwh-2m9w", "discovery": "UNKNOWN"}, "title": "Unsafe Deserialization of User Data Using XStream", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39181", "STATE": "PUBLIC", "TITLE": "Unsafe Deserialization of User Data Using XStream"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenOLAT", "version": {"version_data": [{"version_value": "< 15.3.18"}, {"version_value": ">= 15.4.0, < 15.5.3"}]}}]}, "vendor_name": "OpenOLAT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-91: XML Injection (aka Blind XPath Injection)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w", "refsource": "CONFIRM", "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w"}, {"name": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684", "refsource": "MISC", "url": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684"}, {"name": "https://jira.openolat.org/browse/OO-5548", "refsource": "MISC", "url": "https://jira.openolat.org/browse/OO-5548"}]}, "source": {"advisory": "GHSA-596v-3gwh-2m9w", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.openolat.org/browse/OO-5548"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39181", "datePublished": "2021-09-01T19:45:11", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.230Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frentix:openolat:*:*:*:*:*:*:*:*", "matchCriteriaId": "D18C8612-B20D-48F2-9C01-E85A5E518CD7", "versionEndExcluding": "15.3.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:frentix:openolat:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D657DED-9FB5-4E6E-BC7A-2E9F008F2C22", "versionEndExcluding": "15.5.3", "versionStartIncluding": "15.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading."}, {"lang": "es", "value": "OpenOlat es un sistema de administraci\u00f3n de aprendizaje (LMS) basado en la web. En versiones anteriores a 15.3.18, 15.5.3 y 16.0.0, usando un archivo XML de importaci\u00f3n preparado (por ejemplo, un curso) se puede instanciar cualquier clase en el classpath de Java, incluyendo las f\u00e1bricas de beans de Spring AOP. Esto puede ser usado para ejecutar c\u00f3digo arbitrario por el atacante. El ataque requiere una cuenta de usuario de OpenOlat con el rol de autor. No puede ser explotado por usuarios no registrados. El problema est\u00e1 corregido en las versiones 15.3.18, 15.5.3 y 16.0.0. No se conocen soluciones aparte de la actualizaci\u00f3n"}], "id": "CVE-2021-39181", "lastModified": "2024-11-21T06:18:49.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-09-01T20:15:07.383", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://jira.openolat.org/browse/OO-5548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/3f219ac457afde82e3be57bc614352ab92c05684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-596v-3gwh-2m9w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://jira.openolat.org/browse/OO-5548"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}