CVE-2021-33207

9.8 CRITICAL

📋 TL;DR

CVE-2021-33207 is a critical deserialization vulnerability in the HTTP client of MashZone NextGen that allows remote code execution when the client processes an HTTP response with status code 570. It affects every organization running a vulnerable version of MashZone NextGen on a network-accessible instance.

💻 Affected Systems

Products:
  • Software AG MashZone NextGen
Versions: All versions through 10.7 GA
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations are vulnerable by default when the HTTP client processes responses.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to complete data exfiltration, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to execute arbitrary commands, steal sensitive data, and disrupt business operations.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated MashZone instances.

🌐 Internet-Facing: HIGH - Directly exploitable over HTTP without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to internal attackers or compromised systems within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP responses with status code 570 to trigger deserialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 10.7 GA

Vendor Advisory: https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default

Restart Required: Yes

Instructions:

1. Upgrade to a MashZone NextGen version after 10.7 GA.
2. Apply all security patches from Software AG.
3. Restart the MashZone NextGen service.

🔧 Temporary Workarounds

Network Filtering

all

Block or filter HTTP responses with status code 570 at the network perimeter or WAF.

Access Control

all

Restrict network access to MashZone NextGen instances to trusted sources only.

🧯 If You Can't Patch

  • Isolate MashZone NextGen instances in separate network segments with strict firewall rules
  • Implement application-level monitoring for unusual HTTP 570 responses and deserialization attempts

🔍 How to Verify

Check if Vulnerable:

Check the MashZone NextGen version: if it is 10.7 GA or earlier, it is vulnerable.

Check Version:

Check MashZone NextGen administration console or installation documentation for version information.

Verify Fix Applied:

Verify that the version is after 10.7 GA, then confirm the fix by testing with controlled HTTP 570 responses.

📡 Detection & Monitoring

Log Indicators:

  • HTTP responses with status code 570
  • Unusual deserialization errors in application logs
  • Unexpected process execution

Network Indicators:

  • HTTP traffic containing status code 570 responses
  • Unusual outbound connections from MashZone servers

SIEM Query:

source="mashzone_logs" AND (status=570 OR "deserialization" OR "java.io.ObjectInputStream")
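As an added example (not part of this advisory and not MashZone code), the scanner below applies the log indicators above to constructed sample lines and flags the pattern worth escalating: an HTTP 570 response followed by a deserialization marker. The `key=value` log layout, field names and sample lines are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in an assumed "key=value" application log format;
# the real MashZone NextGen log layout may differ, so the regexes are illustrative.
SAMPLE_LOGS = [
    '2024-01-10T09:12:01Z INFO  httpclient host=api.example.internal status=200 bytes=512',
    '2024-01-10T09:12:04Z INFO  httpclient host=203.0.113.5 status=570 bytes=2048',
    '2024-01-10T09:12:04Z ERROR core java.io.ObjectInputStream: invalid stream header',
    '2024-01-10T09:12:05Z WARN  core deserialization of remote payload failed',
    '2024-01-10T09:12:09Z INFO  httpclient host=api.example.internal status=404 bytes=0',
]

STATUS_RE = re.compile(r'\bstatus=(\d{3})\b')
# Substrings taken from the advisory's log indicators, matched case-insensitively.
DESER_MARKERS = ('java.io.objectinputstream', 'deserialization')


@dataclass
class Finding:
    line_no: int
    indicators: list = field(default_factory=list)
    line: str = ''


def indicators_for(line: str) -> list:
    """Return the indicator names triggered by a single log line."""
    hits = []
    m = STATUS_RE.search(line)
    if m and m.group(1) == '570':
        hits.append('http_570_response')
    lower = line.lower()
    if any(marker in lower for marker in DESER_MARKERS):
        hits.append('deserialization_marker')
    return hits


def scan(lines):
    """Scan log lines in order. Returns (findings, correlated), where
    correlated is True when a deserialization marker appears on a line
    after an HTTP 570 response was already seen."""
    findings, seen_570, correlated = [], False, False
    for n, line in enumerate(lines, start=1):
        hits = indicators_for(line)
        if not hits:
            continue
        # Correlate before updating state so a line cannot pair with itself.
        if 'deserialization_marker' in hits and seen_570:
            correlated = True
        if 'http_570_response' in hits:
            seen_570 = True
        findings.append(Finding(n, hits, line))
    return findings, correlated
```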
