Security for everyone

CVE-2021-22911 Scanner

Detects the 'SQL Injection' vulnerability in Rocket.Chat server, which affects versions 3.11, 3.12 and 3.13.


Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

Rocket.Chat server is a popular communication platform used by organizations and individuals alike. This open-source server allows users to create their own private chat rooms or join public ones, share files, and collaborate on projects in real time. It is known for its flexibility and customizability, making it a preferred choice for many businesses looking for an intuitive communication tool.

However, a vulnerability in Rocket.Chat server, tracked as CVE-2021-22911, has recently been detected. It is caused by improper input sanitization in versions 3.11, 3.12 and 3.13. If exploited, the flaw could lead to unauthenticated NoSQL injection, potentially resulting in remote code execution (RCE). Attackers could use it to gain unauthorized access to sensitive data and to execute malicious code on the affected server.

The impact of this vulnerability can be severe, as attackers can use it as an entry point to launch further attacks, such as planting malicious files or stealing sensitive information. An attacker may use this vulnerability to steal user credentials, execute arbitrary code, or even take control of the targeted server, which would be disastrous for businesses and organizations.

Securityforeveryone.com is an excellent platform that provides in-depth information on vulnerabilities present in digital assets, including Rocket.Chat server. With the pro features, it offers an easy and quick way to detect, manage, and remediate vulnerabilities in real time. By leveraging the site's services, businesses and organizations can easily and quickly learn about vulnerabilities present in their digital assets and address them before they are exploited.

 
