Description
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
References
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.11 (exclusive)
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*
EPSS
0.02445 (Low), percentile: 85%
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 8.1
redhat
almost 10 years ago
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
CVSS3: 8.1
debian
more than 6 years ago
In Hazelcast before 3.11, the cluster join procedure is vulnerable to ...