CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

Published: Mar 25, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21783
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
genivia / gsoap	2.8.107	2.8.107.x
oracle / communications_lsms	13.1	13.1.x
oracle / communications_diameter_signaling_router	8.0.0	8.5.0.x
oracle / tekelec_virtual_operating_environment	3.4.0	3.7.1.x
oracle / communications_lsms	13.2	13.2.x
oracle / communications_lsms	13.3	13.3.x
oracle / communications_lsms	13.4	13.4.x
oracle / communications_eagle_lnp_application_processor	46.7	46.7.x
oracle / communications_eagle_lnp_application_processor	46.8	46.8.x
oracle / communications_eagle_lnp_application_processor	46.9	46.9.x
oracle / communications_eagle_application_processor	16.1.0	16.4.0.x

Vulnerability Database

289,599

CVE-2021-21783