PT-2022-11617 · Caldera · Caldera

Published: 2022-01-12 · Updated: 2022-01-19 · CVE-2021-42559

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CALDERA version 2.8.1

Description: An issue was discovered in CALDERA where multiple startup "requirements" execute commands when the server starts. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute the next time the server is restarted.

Recommendations: For CALDERA version 2.8.1, consider restricting access to the REST API to prevent authenticated users from inserting arbitrary commands. As a temporary workaround, consider disabling the startup "requirements" that execute commands when the server starts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-42559

Affected Products

Caldera