How severe is CVE-2021-37181?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2021-37181?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2021-37181

CRITICAL Year: 2021

CVSS v3 Score

10.0

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-502

View all →

Vulnerability Description

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.

CVE-2018-19276

CRITICAL

CVSS:10.0(Critical)

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a...

CWE-5022018

CVE-2018-3972

CRITICAL

CVSS:10.0(Critical)

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrenci...

CWE-5022018

CVE-2019-19810

CRITICAL

CVSS:10.0(Critical)

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft...

CWE-5022019

CVE-2020-15148

CRITICAL

CVSS:10.0(Critical)

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workarou...

CWE-5022020

CVE-2022-38650

CRITICAL

CVSS:10.0(Critical)

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware wit...

CWE-5022022

CVE-2023-45146

CRITICAL

CVSS:10.0(Critical)

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, atta...

CWE-5022023

CVE-2021-37181

Vulnerability Description

Related Vulnerabilities

CVE-2018-19276

CVE-2018-3972

CVE-2019-19810

CVE-2020-15148

CVE-2022-38650

CVE-2023-45146