What is CVE-2021-20318?

CVE-2021-20318 is a vulnerability in the HornetQ component of Artemis in EAP 7 that allows a remote attacker to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

What is the severity of CVE-2021-20318?

CVE-2021-20318 has a severity rating of 7.2, which is classified as high.

Which software versions are affected by CVE-2021-20318?

CVE-2021-20318 affects Redhat Jboss Enterprise Application Platform versions 7.3.9 and 7.4.0, as well as versions of eap7-hornetq up to 2.4.8-1.Final_redhat_00001.1.el8ea and 2.4.8-1.Final_redhat_00001.1.el7ea.

How can CVE-2021-20318 be fixed?

To fix CVE-2021-20318, it is recommended to update to version 2.4.8-1.Final_redhat_00001.1.el8ea or later for eap7-hornetq, or follow the guidance provided by Red Hat in their RHSA-2022:0404 advisory.

Where can I find more information about CVE-2021-20318?

More information about CVE-2021-20318 can be found on the CVE website, NIST National Vulnerability Database, Red Hat Bugzilla, and Red Hat Access website.

Vulnerability/
CVE-2021-20318

high

7.2

CWE

502

5/10/2021

23/12/2021

3/8/2024

CVE-2021-20318

First published: Tue Oct 05 2021(Updated: )

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/eap7-hornetq	<0:2.4.8-1.Final_redhat_00001.1.el8ea	0:2.4.8-1.Final_redhat_00001.1.el8ea
redhat/eap7-hornetq	<0:2.4.8-1.Final_redhat_00001.1.el7ea	0:2.4.8-1.Final_redhat_00001.1.el7ea
Redhat Jboss Enterprise Application Platform	=7.3.9-general_availability
Redhat Jboss Enterprise Application Platform	=7.4.0-general_availability

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-20318?
CVE-2021-20318 is a vulnerability in the HornetQ component of Artemis in EAP 7 that allows a remote attacker to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
What is the severity of CVE-2021-20318?
CVE-2021-20318 has a severity rating of 7.2, which is classified as high.
Which software versions are affected by CVE-2021-20318?
CVE-2021-20318 affects Redhat Jboss Enterprise Application Platform versions 7.3.9 and 7.4.0, as well as versions of eap7-hornetq up to 2.4.8-1.Final_redhat_00001.1.el8ea and 2.4.8-1.Final_redhat_00001.1.el7ea.
How can CVE-2021-20318 be fixed?
To fix CVE-2021-20318, it is recommended to update to version 2.4.8-1.Final_redhat_00001.1.el8ea or later for eap7-hornetq, or follow the guidance provided by Red Hat in their RHSA-2022:0404 advisory.
Where can I find more information about CVE-2021-20318?
More information about CVE-2021-20318 can be found on the CVE website, NIST National Vulnerability Database, Red Hat Bugzilla, and Red Hat Access website.

collector/redhat-cve
collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/author
agent/weakness
agent/references
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-20318
agent/last-modified-date
collector/mitre-cve
source/MITRE
package-manager/redhat
vendor/redhat
canonical/redhat jboss enterprise application platform
version/redhat jboss enterprise application platform/7.3.9-general_availability
version/redhat jboss enterprise application platform/7.4.0-general_availability