CVE-2023-4528

JSCAPE MFT Server Unsafe Deserialization on Management Port

CVSS 7.2 HIGHEPSS 27.1%CWE-502

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Redwood Software · JSCAPE MFT Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528 https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/