Description
A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in WildFly.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: Version before 20.0.0 (excluding)
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*
EPSS: 0.00373 (Low), percentile: 58%
CVSS3: 6.6 Medium
CVSS3: 7.5 High
CVSS2: 6 Medium
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.5
redhat
more than 5 years ago
A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in WildFly.
CVSS3: 6.6
debian
more than 5 years ago
A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...