CVE-2021-4104

CVE-2021-4104 is a software vulnerability identified in Flexera's FlexNet. This flaw in the software design or implementation can be exploited by attackers to gain unauthorized access to systems running the affected software. The vulnerability was one of several security flaws used by Gold Melody, a cyber threat group, during a series of intrusions that occurred from July 2020 to July 2022. Gold Melody leveraged this and other vulnerabilities, including those found in Oracle E-Business Suite (CVE-2016-0545), Apache Struts (CVE-2017-5638), Sitecore XP (CVE-2021-42237), and others, to obtain initial access to their targets' systems. These attacks were observed across five Secureworks Incident Response (IR) engagements. The vulnerabilities were exploited in internet-exposed servers, which served as initial access vectors for the attackers. The exploitation of known vulnerabilities like CVE-2021-4104 highlights the importance of regular patching and updating of software to prevent unauthorized access and potential data breaches. The activities of groups like Gold Melody underscore the need for robust cybersecurity measures, including threat intelligence and incident response capabilities, to identify and mitigate such threats.