Description
In the Java implementation of GraniteDS, version 3.1.1.GA, the AMF3 deserializers derive class instances from java.io.Externalizable rather than from flash.utils.IExternalizable, as the AMF3 specification recommends. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
References
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
cpe:2.3:a:graniteds:graniteds:3.1.1:*:*:*:*:*:*:*
EPSS: 0.13846, percentile: 94%, Medium
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-502