Verinice.Pro 1.22.1 Unsafe Java deserialization of untrusted data, leading to Remote Code Execution using C3P0 gadget (authenticated)
PoC code to exploit the deserialization vulnerability.
See https://www.secianus.de/worum-geht-es/aktuelle-meldung/cve-2021-36981-verinicepro-unsafe-java-deserialization and https://verinice.com/en/support/security-advisory