Description
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.
Vulnerable configurations
Configuration 1
Versions before 6.15.2.6 (exclusive)
Versions from 7.0.0 (inclusive) to 7.3.1.2 (exclusive)
One of
cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*
EPSS
Score: 0.00899 (Low)
Percentile: 75%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-502
Related vulnerabilities
GitHub
more than 3 years ago
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized.