← back
CVE-2021-33523

CVE-2021-33523

EPSS 1.8%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33523https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default