CVE-2021-3855 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01763.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Liman	Port Mys

Configuration 1 [-]

cpe:2.3:a:liman:port_mys:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-27095	Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

Fixes

Solution

Update the Liman Central Management System version to >= 1.8.2-462

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.liman.dev/baslangic/guvenlik
https://www.usom.gov.tr/bildirim/tr-23-0109

History

Tue, 11 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-02-24T13:02:08.734Z

Updated: 2025-03-11T15:43:13.116Z

Reserved: 2021-10-04T08:29:56.908Z

Link: CVE-2021-3855

Vulnrichment

Updated: 2024-08-03T17:09:09.556Z

NVD

Status : Modified

Published: 2023-03-01T08:15:10.030

Modified: 2024-11-21T06:22:39.827

Link: CVE-2021-3855

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-3855", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2021-10-04T08:29:56.908Z", "datePublished": "2023-02-24T13:02:08.734Z", "dateUpdated": "2025-03-11T15:43:13.116Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/limanmys", "defaultStatus": "unaffected", "modules": ["HTTP/Controllers", "CronMail", "Jobs"], "packageName": "Liman MYS", "product": "Liman Central Management System", "repo": "https://github.com/limanmys", "vendor": "Liman Central Management System", "versions": [{"lessThan": "1.8.3-462", "status": "affected", "version": "1.7.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mehmet INCE from PRODAFT"}], "datePublic": "2023-02-24T12:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.<p>This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.</p>"}], "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:26:20.625Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the Liman Central Management System version to >= 1.8.2-462"}], "value": "Update the Liman Central Management System version to >= 1.8.2-462"}], "source": {"advisory": "TR-23-0109", "defect": ["TR-23-0109"], "discovery": "UNKNOWN"}, "title": "Command Injection in Liman Central Management System", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T15:43:08.148235Z", "id": "CVE-2021-3855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:43:13.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.liman.dev/baslangic/guvenlik", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.usom.gov.tr/bildirim/tr-23-0109", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.556Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-3855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-11T15:43:08.148235Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:42:56.186Z"}}], "cna": {"title": "Command Injection in Liman Central Management System", "source": {"defect": ["TR-23-0109"], "advisory": "TR-23-0109", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mehmet INCE from PRODAFT"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/limanmys", "vendor": "Liman Central Management System", "modules": ["HTTP/Controllers", "CronMail", "Jobs"], "product": "Liman Central Management System", "versions": [{"status": "affected", "version": "1.7.0", "lessThan": "1.8.3-462", "versionType": "custom"}], "packageName": "Liman MYS", "collectionURL": "https://github.com/limanmys", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the Liman Central Management System version to >= 1.8.2-462", "supportingMedia": [{"type": "text/html", "value": "Update the Liman Central Management System version to >= 1.8.2-462", "base64": false}]}], "datePublic": "2023-02-24T12:55:00.000Z", "references": [{"url": "https://docs.liman.dev/baslangic/guvenlik", "tags": ["release-notes"]}, {"url": "https://www.usom.gov.tr/bildirim/tr-23-0109", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.<p>This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:26:20.625Z"}}}, "cveMetadata": {"cveId": "CVE-2021-3855", "state": "PUBLISHED", "dateUpdated": "2025-03-11T15:43:13.116Z", "dateReserved": "2021-10-04T08:29:56.908Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-02-24T13:02:08.734Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liman:port_mys:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE085AC-E373-4597-BC34-0BC608DC593A", "versionEndExcluding": "1.8.3-462", "versionStartIncluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.\n\n"}], "id": "CVE-2021-3855", "lastModified": "2024-11-21T06:22:39.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-01T08:15:10.030", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Vendor Advisory"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.liman.dev/baslangic/guvenlik"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0109"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}