CVE-2016-4437 — Apache Shiro Code Execution Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Apache |
| Product | Shiro |
| CWE | CWE-284 |
| CVE ID | CVE-2016-4437 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03