What is CVE-2021-34371?

CVE-2021-34371 is a vulnerability in N/a. Published 2021-08-05.

Is CVE-2021-34371 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-34371

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies w…

EPSS: 0.681 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

zwjjustdoit/CVE-2021-34371.jar
tavgar/CVE-2021-34371
ARPSyndicate/cvemon
AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
BrittanyKuhn/javascript-tutorial
GrrrDog/Java-Deserialization-Cheat-Sheet
Threekiii/Awesome-Exploit
Threekiii/Awesome-POC
Threekiii/Vulhub-Reproduce
XiaomingX/awesome-poc-for-red-team

References

www.exploit-db.com/exploits/50170 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-34371?: CVE-2021-34371 is a vulnerability in N/a. Published 2021-08-05.
Is CVE-2021-34371 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.