9.8
CVE-2017-8045
- EPSS 2.83%
- Veröffentlicht 27.11.2017 10:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.0
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.0 Updatem1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.0 Updaterc1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.2
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.3
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.4
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.5
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.5.6
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.0
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.0 Updatem1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.0 Updatem2
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.0 Updaterc1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.2
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.3
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.4
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.5
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.6
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.7
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.8
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.9
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.6.10
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.7.0
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.7.1
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.7.2
Pivotal Software ≫ Spring Advanced Message Queuing Protocol Version1.7.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.83% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.