CVE-2021-46384
Remote code execution in net.mingsoft:ms-mcms
9.8
CRITICAL
CVSS 3.1
EPSS 12.3%
Description
net.mingsoft:ms-mcms <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
How to fix CVE-2021-46384
To remediate CVE-2021-46384, upgrade the affected package to a fixed version below.
- —upgrade to 5.2.6 or later
Is CVE-2021-46384 being exploited?
Moderate — EPSS is 12.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 5.2.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |