9.8

CVE-2013-4521

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
Data is provided by the National Vulnerability Database (NVD)
Nuxeo Nuxeo Version 5.6.0 Update -
Nuxeo Nuxeo Version 5.6.0 Update hotfix01
Nuxeo Nuxeo Version 5.6.0 Update hotfix02
Nuxeo Nuxeo Version 5.6.0 Update hotfix03
Nuxeo Nuxeo Version 5.6.0 Update hotfix04
Nuxeo Nuxeo Version 5.6.0 Update hotfix05
Nuxeo Nuxeo Version 5.6.0 Update hotfix06
Nuxeo Nuxeo Version 5.6.0 Update hotfix07
Nuxeo Nuxeo Version 5.6.0 Update hotfix08
Nuxeo Nuxeo Version 5.6.0 Update hotfix09
Nuxeo Nuxeo Version 5.6.0 Update hotfix10
Nuxeo Nuxeo Version 5.6.0 Update hotfix11
Nuxeo Nuxeo Version 5.6.0 Update hotfix12
Nuxeo Nuxeo Version 5.6.0 Update hotfix13
Nuxeo Nuxeo Version 5.6.0 Update hotfix14
Nuxeo Nuxeo Version 5.6.0 Update hotfix15
Nuxeo Nuxeo Version 5.6.0 Update hotfix16
Nuxeo Nuxeo Version 5.6.0 Update hotfix17
Nuxeo Nuxeo Version 5.6.0 Update hotfix18
Nuxeo Nuxeo Version 5.6.0 Update hotfix19
Nuxeo Nuxeo Version 5.6.0 Update hotfix20
Nuxeo Nuxeo Version 5.6.0 Update hotfix21
Nuxeo Nuxeo Version 5.6.0 Update hotfix22
Nuxeo Nuxeo Version 5.6.0 Update hotfix23
Nuxeo Nuxeo Version 5.6.0 Update hotfix24
Nuxeo Nuxeo Version 5.6.0 Update hotfix25
Nuxeo Nuxeo Version 5.6.0 Update hotfix26
Nuxeo Nuxeo Version 5.8.0 Update -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 2.55% 0.841
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.