CVE-2021-34371

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-34371
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34371.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-34371
Aliases
Withdrawn
2024-05-08T06:51:01.291501Z
Published
2021-08-05T20:15:09Z
Modified
2023-12-06T00:46:15.705815Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

References

Affected packages

Git / github.com/neo4j/neo4j

Affected ranges

Type
GIT
Repo
https://github.com/neo4j/neo4j
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.3
1.4
1.4.1
1.4.2
1.4.M01
1.4.M02
1.4.M03
1.4.M04
1.4.M05
1.4.M06
1.5
1.5.1
1.5.1.RC1
1.5.1.RC2
1.5.1.RC3
1.5.1.RC4
1.5.1.RC5
1.5.1.RC6
1.5.2
1.5.3
1.5.3.RC1
1.5.3.RC2
1.5.3.RC3
1.5.3.RC4
1.5.M01
1.5.M02
1.6
1.6.1
1.6.1.RC1
1.6.1.RC2
1.6.2
1.6.2.RC1
1.6.2.RC2
1.6.3
1.6.M01
1.6.M02
1.6.M03
1.7
1.7.1
1.7.2
1.7.M01
1.7.M02
1.7.M03
1.8
1.8.M01
1.8.M02
1.8.M03
1.8.M04
1.8.M05
1.8.M06
1.8.M07
1.8.M07ENG1
1.9
1.9.3
1.9.4
1.9.9
1.9.M01
1.9.M01ENG1
1.9.M02
1.9.M02ENG3
1.9.RC2

2.*

2.0.0-M04
2.0.0-M05
2.0.1
2.0.2-ENG03
2.0.3
2.0.4-20140514-PREVIEW1
2.0.4-20140520
2.0.5
2.1.1
2.1.4
2.1.5
2.1.5-ENG01
2.1.6
2.1.7
2.1.8
2.2.0
2.2.0-ENG01
2.2.0-M01
2.2.0-M03
2.2.0-RC01
2.2.10
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.0-M01
2.3.0-M02
2.3.0-M03
2.3.0-RC1
2.3.1
2.3.10
2.3.11
2.3.12
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9

3.*

3.0.0
3.0.0-M01
3.0.0-M02
3.0.0-M03
3.0.0-M04
3.0.0-M05
3.0.0-RC1
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.6-ENG01
3.0.7
3.0.8
3.0.9
3.1.0
3.1.0-BETA1
3.1.0-M01
3.1.0-M02
3.1.0-M03
3.1.0-M04
3.1.0-M05
3.1.0-M06
3.1.0-M07
3.1.0-M08
3.1.0-M09
3.1.0-M10
3.1.0-M12-beta2
3.1.0-M13-beta3
3.1.0-RC1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.0-alpha01
3.2.0-alpha02
3.2.0-alpha03
3.2.0-alpha04
3.2.0-alpha05
3.2.0-alpha06
3.2.0-alpha07
3.2.0-alpha08
3.2.0-rc1
3.2.0-rc2
3.2.0-rc3
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.0-alpha01
3.3.0-alpha02
3.3.0-alpha03
3.3.0-alpha04
3.3.0-alpha05
3.3.0-alpha06
3.3.0-alpha07
3.3.0-beta01
3.3.0-beta02
3.3.0-rc1
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.4.0
3.4.0-alpha01
3.4.0-alpha02
3.4.0-alpha03
3.4.0-alpha04
3.4.0-alpha05
3.4.0-alpha06
3.4.0-alpha07
3.4.0-alpha08
3.4.0-alpha09
3.4.0-alpha10
3.4.0-beta01
3.4.0-beta02
3.4.0-rc01
3.4.0-rc02
3.4.1
3.4.10
3.4.11
3.4.12
3.4.13
3.4.14
3.4.15
3.4.16
3.4.17
3.4.18
3.4.2
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9

browser-0.*

browser-0.1.24