CVE-2021-21783
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
25/03/2021
Last modified:
21/07/2022
Description
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:genivia:gsoap:2.8.107:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* | 8.0.0 (including) | 8.5.0 (including) |
| cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* | 16.1.0 (including) | 16.4.0 (including) |
| cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_lsms:13.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_lsms:13.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_lsms:13.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:tekelec_virtual_operating_environment:*:*:*:*:*:*:*:* | 3.4.0 (including) | 3.7.1 (including) |
To consult the complete list of CPE names with products and versions, see this page