CVE-2023-4528

Sažetak

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Reference

https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/
https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/

CVSS

Base:	7.2
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

23-04-2025 - 17:16

Objavljeno

07-09-2023 - 18:15