PT-2021-20483 · Neo4J · Neo4J
Published: 2021-08-05 · Updated: 2024-03-06 · CVE-2021-34371
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable software and affected versions: Neo4j versions prior to 3.4.18
Description: The vulnerability allows remote code execution through arbitrary deserialization of Java objects. The entry point is the setSessionVariable function of the RMI service, which is exposed when the shell server is enabled; dependencies on the classpath that contain exploitable gadget chains make the deserialization exploitable.
Recommendations: For versions prior to 3.4.18, consider disabling the shell server as a temporary workaround so that the RMI service is not exposed, and restrict access to the setSessionVariable function to reduce the risk of exploitation.

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers

BIT-NEO4J-2021-34371
CVE-2021-34371
GHSA-PC4W-8V5J-29W9

Affected Products

Neo4J