{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T04:36:42.941","vulnerabilities":[{"cve":{"id":"CVE-2021-37578","sourceIdentifier":"security@apache.org","published":"2021-07-29T07:15:06.693","lastModified":"2024-11-21T06:15:27.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed."},{"lang":"es","value":"Apache jUDDI utiliza varias clases relacionadas con la Invocación Remota de Métodos (RMI) de Java que (como una extensión de UDDI) proporciona un transporte alternativo para acceder a los servicios UDDI. RMI utiliza el mecanismo de serialización de Java por defecto para pasar parámetros en las invocaciones RMI. Un atacante remoto puede enviar un objeto serializado malicioso a las entradas RMI mencionadas. Los objetos se deserializan sin ninguna comprobación de los datos entrantes. En el peor de los casos, puede permitir al atacante ejecutar código arbitrario de forma remota. Tanto para las aplicaciones de servicios web jUDDI como para los clientes jUDDI, el uso de RMI está deshabilitado por defecto. Dado que se trata de una característica opcional y una extensión del protocolo UDDI, la probabilidad de impacto es baja. A partir de la versión 3.3.10, se ha eliminado todo el código relacionado con RMI"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:juddi:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.10","matchCriteriaId":"4C7936C1-5F3F-4399-8076-12D4E2E21D15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/07/29/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E","source":"security@apache.org","tags":["Broken Link","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/07/29/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Mailing List","Third Party Advisory"]}]}}]}