CVE-2021-3855 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Liman	Port Mys

Configuration 1 [-]

cpe:2.3:a:liman:port_mys:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.liman.dev/baslangic/guvenlik
https://www.usom.gov.tr/bildirim/tr-23-0109

History

Tue, 11 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-02-24T13:02:08.734Z

Updated: 2025-03-11T15:43:13.116Z

Reserved: 2021-10-04T08:29:56.908Z

Link: CVE-2021-3855

Vulnrichment

Updated: 2024-08-03T17:09:09.556Z

NVD

Status : Modified

Published: 2023-03-01T08:15:10.030

Modified: 2024-11-21T06:22:39.827

Link: CVE-2021-3855

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-3855", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2021-10-04T08:29:56.908Z", "datePublished": "2023-02-24T13:02:08.734Z", "dateUpdated": "2025-03-11T15:43:13.116Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/limanmys", "defaultStatus": "unaffected", "modules": ["HTTP/Controllers", "CronMail", "Jobs"], "packageName": "Liman MYS", "product": "Liman Central Management System", "repo": "https://github.com/limanmys", "vendor": "Liman Central Management System", "versions": [{"lessThan": "1.8.3-462", "status": "affected", "version": "1.7.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mehmet INCE from PRODAFT"}], "datePublic": "2023-02-24T12:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.<p>This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.</p>"}], "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:26:20.625Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the Liman Central Management System version to >= 1.8.2-462"}], "value": "Update the Liman Central Management System version to >= 1.8.2-462"}], "source": {"advisory": "TR-23-0109", "defect": ["TR-23-0109"], "discovery": "UNKNOWN"}, "title": "Command Injection in Liman Central Management System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T15:43:08.148235Z", "id": "CVE-2021-3855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:43:13.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.liman.dev/baslangic/guvenlik", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.usom.gov.tr/bildirim/tr-23-0109", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.556Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-3855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T15:43:08.148235Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:42:56.186Z"}}], "cna": {"title": "Command Injection in Liman Central Management System", "source": {"defect": ["TR-23-0109"], "advisory": "TR-23-0109", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mehmet INCE from PRODAFT"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/limanmys", "vendor": "Liman Central Management System", "modules": ["HTTP/Controllers", "CronMail", "Jobs"], "product": "Liman Central Management System", "versions": [{"status": "affected", "version": "1.7.0", "lessThan": "1.8.3-462", "versionType": "custom"}], "packageName": "Liman MYS", "collectionURL": "https://github.com/limanmys", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the Liman Central Management System version to >= 1.8.2-462", "supportingMedia": [{"type": "text/html", "value": "Update the Liman Central Management System version to >= 1.8.2-462", "base64": false}]}], "datePublic": "2023-02-24T12:55:00.000Z", "references": [{"url": "https://docs.liman.dev/baslangic/guvenlik", "tags": ["release-notes"]}, {"url": "https://www.usom.gov.tr/bildirim/tr-23-0109", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.<p>This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:26:20.625Z"}}}, "cveMetadata": {"cveId": "CVE-2021-3855", "state": "PUBLISHED", "dateUpdated": "2025-03-11T15:43:13.116Z", "dateReserved": "2021-10-04T08:29:56.908Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-02-24T13:02:08.734Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liman:port_mys:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE085AC-E373-4597-BC34-0BC608DC593A", "versionEndExcluding": "1.8.3-462", "versionStartIncluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n"}], "id": "CVE-2021-3855", "lastModified": "2024-11-21T06:22:39.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-01T08:15:10.030", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Vendor Advisory"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}