CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-39144	High	94.3%	XStreamXStream	XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.	Mar 10, 2023	KEV
CVE-2017-9805	High	94.3%	ApacheStruts	Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.	Nov 3, 2021	KEV

CVE-2021-39144KEV

High

XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

XStreamEPSS 94.3%

CVE-2017-9805KEV

High

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

ApacheEPSS 94.3%