PatchSiren

CVE-2021-3855 Liman Central Management System CVE debrief

A command injection vulnerability in Liman Central Management System (Port MYS) allows authenticated attackers to execute arbitrary commands. The flaw exists in the HTTP/Controllers, CronMail, and Jobs modules. Affected versions run from 1.7.0 up to, but not including, 1.8.3-462. The vulnerability was disclosed in March 2023 with a CVSS 3.1 score of 8.8 (High severity).

Vendor: Liman Central Management System
Product: Unknown
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-03-01
Original CVE updated: 2026-05-18
Advisory published: 2023-03-01
Advisory updated: 2026-05-18

Who should care

Organizations running Liman Central Management System (Port MYS) versions 1.7.0 through 1.8.3-461, particularly those with exposed management interfaces or multi-tenant deployments where module access cannot be fully restricted.

Technical summary

CVE-2021-3855 is a command injection vulnerability (CWE-77) in Liman Central Management System's Port MYS product. It affects the HTTP/Controllers, CronMail, and Jobs modules in versions from 1.7.0 up to, but not including, 1.8.3-462. An attacker with low privileges can exploit improper neutralization of special elements in commands to achieve high impact on confidentiality, integrity, and availability. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H describes a flaw that is exploitable over the network with low attack complexity, requires low privileges and no user interaction, and has high impact across all three security dimensions.

Defensive priority

High

Recommended defensive actions

  • Upgrade to Liman Port MYS version 1.8.3-462 or later to remediate this vulnerability.
  • Review and restrict administrative access to HTTP/Controllers, CronMail, and Jobs modules as a defense-in-depth measure.
  • Monitor system logs for anomalous command execution patterns in affected modules.
  • Apply the principle of least privilege to service accounts running Liman MYS components.

Evidence notes

CVE published 2023-03-01; modified 2026-05-18. Vendor advisory and Turkish government security advisories (USOM, siberguvenlik.gov.tr) confirm affected versions and provide mitigation guidance. CPE confirms version range 1.7.0 to before 1.8.3-462.
