CVE-2021-20318

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

Weakness

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Software

Name	Vendor	Start Version	End Version
Jboss_enterprise_application_platform	Redhat	7.3.9-general_availability (including)	7.3.9-general_availability (including)
Jboss_enterprise_application_platform	Redhat	7.4.0-general_availability (including)	7.4.0-general_availability (including)
Red Hat JBoss Enterprise Application Platform	RedHat	org.hornetq/hornetq-jms-client:2.4.8.Final-redhat-00001	*
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	RedHat	eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el8eap	*
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	RedHat	eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el7eap	*

Potential Mitigations

Make fields transient to protect them from deserialization.
An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.

https://cwe.mitre.org/data/definitions/586.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20318
CWE	https://cwe.mitre.org/data/definitions/502.html

Deserialization of Untrusted Data

Weakness

Affected Software

Potential Mitigations

References

CVE-2021-20318

Deserialization of Untrusted Data

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References