7.2
CVE-2023-4528
- EPSS 25.84%
- Veröffentlicht 07.09.2023 18:15:07
- Zuletzt bearbeitet 23.04.2025 17:16:45
- Quelle cve@rapid7.com
- CVE-Watchlists
- Unerledigt
LoginUnsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redwood ≫ Jscape Mft Version < 2023.1.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.84% | 0.962 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.