Описание
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
Ссылки
- Press/Media Coverage
- ExploitVendor Advisory
- Mitigation
- Issue Tracking
- Third Party Advisory
- Press/Media Coverage
- Release Notes
- Press/Media Coverage
- ExploitVendor Advisory
- Mitigation
- Issue Tracking
- Third Party Advisory
- Press/Media Coverage
- Release Notes
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:generalbytes:crypto_application_server:20230120:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.09179
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.1
github
почти 3 года назад
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
EPSS
Процентиль: 92%
0.09179
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-434
CWE-434