{"id":"CVE-2021-36981","details":"In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.","modified":"2026-04-10T04:45:22.819739Z","published":"2021-08-31T04:15:10.580Z","references":[{"type":"REPORT","url":"https://github.com/0xBrAinsTorM/CVE-2021-36981"},{"type":"FIX","url":"https://github.com/SerNet/verinice/compare/1.22.1...1.22.2"},{"type":"FIX","url":"https://verinice.com/en/support/security-advisory"},{"type":"EVIDENCE","url":"https://www.secianus.de/worum-geht-es/aktuelle-meldung/cve-2021-36981-verinicepro-unsafe-java-deserialization"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sernet/verinice","events":[{"introduced":"0"},{"fixed":"22bc904591fec815c2ccc6d3505b45c4088c6f69"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.22.2"}]}}],"versions":["1.21.0","1.22.0","1.22.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36981.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}