exploitDog

GHSA-q565-26vc-vpx8

Опубликовано: 25 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.

Ссылки

EPSS

Процентиль: 37%

0.0016

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2022-34268

CVSS3: 9.8

nvd

около 2 лет назад

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.

EPSS

Процентиль: 37%

0.0016

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502