CVE-2021-42559: Command Injection
First published: Wed Jan 12 2022(Updated: )
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MITRE CALDERA | <=2.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42559 vulnerability?
CVE-2021-42559 is a command injection vulnerability discovered in CALDERA 2.8.1, which allows an authenticated user to execute arbitrary commands when the server is restarted.
What is the severity of CVE-2021-42559?
CVE-2021-42559 has a severity rating of 8.8 (high).
How does CVE-2021-42559 affect CALDERA?
CVE-2021-42559 affects CALDERA version 2.8.1 by allowing authenticated users to insert arbitrary commands that will execute when the server is restarted.
Is there a fix available for CVE-2021-42559?
Yes, a fix for CVE-2021-42559 is available. It is recommended to update CALDERA to a version that addresses the vulnerability.
Where can I find more information about CVE-2021-42559?
More information about CVE-2021-42559 can be found in the official MITRE CALDERA GitHub repository and CALDERA release notes.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mitre
- canonical/mitre caldera
- version/mitre caldera/2.8.1