Description
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
Vulnerable configurations
Configuration 1: versions from 3.4.0 (inclusive) to 3.4.4 (exclusive)
In combination with
cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:thorntech:sftp_gateway:-:*:*:*:*:*:*:*
EPSS
Percentile: 87%
0.03232
Low
9.8 Critical
CVSS3
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 9.8
github
more than 2 years ago
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.