CVE-2021-22941

Vulnerability Profile (updated a month ago)
CVE-2021-22941 is a remote code execution (RCE) vulnerability in Citrix ShareFile. It was exploited by the threat actor group tracked as GOLD MELODY, also referred to as PROPHET SPIDER, which has been linked to attacks exploiting security flaws in a range of servers, including Oracle WebLogic, GitLab, Atlassian Confluence and Citrix ShareFile. Exploitation of this particular vulnerability was first observed in early 2022. Earlier, in mid-2021, GOLD MELODY had exploited two Oracle WebLogic directory traversal RCE vulnerabilities (CVE-2020-14882 and CVE-2020-14750) for initial access. These actions fit the group's established pattern of using known vulnerabilities in internet-exposed servers as initial access vectors; targeted products include Oracle E-Business Suite, WebLogic, Sitecore, Apache Struts, Log4j, JBoss MQ Java Message Service and Citrix ShareFile. GOLD MELODY's exploitation of CVE-2021-22941 underscores the importance of timely patching and security updates to prevent unauthorized access and potential damage. Organizations should remain vigilant and proactive in managing and mitigating software vulnerabilities; regular monitoring and updating of systems, coupled with robust cybersecurity measures, helps prevent the exploitation of flaws such as this one.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
(no entries)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
netscaler
Log4j
Apache
Confluence
RCE (Remote ...
citrix
Apache Struts
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2017-5638 | Unspecified | 1 | CVE-2017-5638 is a significant vulnerability found in Apache Struts, a widely used open-source framework for developing Java web applications. This flaw in software design or implementation allowed attackers to remotely execute commands on the server running the vulnerable application, leading to po
CVE-2016-0545 | Unspecified | 1 | CVE-2016-0545 is a software vulnerability that affects the Oracle E-Business Suite. It is a flaw in the software's design or implementation that potentially allows unauthorized access or manipulation of data. This vulnerability was one of several exploited by the group known as Gold Melody between J
CVE-2020-14882 | Unspecified | 1 | None
CVE-2020-14750 | Unspecified | 1 | None
CVE-2017-7504 | Unspecified | 1 | CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors
CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t
CVE-2021-4104 | Unspecified | 1 | CVE-2021-4104 is a software vulnerability identified in Flexera's FlexNet. This flaw in the software design or implementation can be exploited by attackers to gain unauthorized access to systems running the affected software. The vulnerability was one of several security flaws used by Gold Melody, a
CVE-2019-19781 | Unspecified | 1 | CVE-2019-19781, also known as the Citrix Directory Traversal Bug, is a software vulnerability that lies in the design or implementation of the software. This flaw allows an attacker to potentially gain unauthorized access to sensitive data or even execute arbitrary code on the compromised system. De
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as Log4Shell, is a critical vulnerability in the Apache Log4j software library that has been widely exploited since its discovery. This flaw in software design or implementation allows for remote code execution, making it a prime target for malicious actors. Despite multip
CVE-2021-42237 | Unspecified | 1 | CVE-2021-42237 is a software vulnerability discovered in Sitecore XP, a popular content management system. This flaw was one of several exploited by the cybercriminal group known as Gold Melody between July 2020 and July 2022. The group targeted internet-exposed servers, using these vulnerabilities
CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta
CVE-2021-35464 | Unspecified | 1 | None
Source Document References
Information about the CVE-2021-22941 vulnerability was read from the documents listed below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 9 months ago | Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
CERT-EU | 9 months ago | GOLD MELODY: Profile of an Initial Access Broker
DARKReading | a year ago | Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
CERT-EU | 9 months ago | Gold Melody IAB exploits flaws in Oracle, Apache, Sitecore software to hack into corporate networks