CVE-2021-42550 vulnerability in Qos and Other Products
Published on December 16, 2021
RCE from attacker with configuration edit priviledges through JNDI lookup
Vulnerability Analysis
CVE-2021-42550 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-42550 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2021-42550
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-42550 are published in these products:
Affected Versions
QOS.ch logback:- Version unspecified and below 1.2.9 is affected.
- Version unspecified and below 1.3.0-alpha11 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.