Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-3202 The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control

🗓️ 11 Jun 2018 17:00:00Reported by certccType 
cvelist
 cvelist🔗 www.cve.org👁 18 Views

CVE-2017-3202 Flamingo amf-serializer by Exadel, version 2.2.0, allows arbitrary class instantiation via AMF3 deserializer

Related
Affected
Refs
ReporterTitlePublishedViews
Family
CNVD		Exadel Flamingo Remote Code Execution Vulnerability (CNVD-2017-10732)
24 May 201700:00
cnvd
CVE		CVE-2017-3202
11 Jun 201817:00
cve
Github Security Blog		Deserialization of Untrusted Data in Flamingo amf-serializer
13 May 202201:36
github
myhack58		Java AMF3 exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
7 Apr 201700:00
myhack58
NVD		CVE-2017-3202
11 Jun 201817:29
nvd
OSV		GHSA-J88V-Q3VW-P9VR Deserialization of Untrusted Data in Flamingo amf-serializer
13 May 202201:36
osv
Prion		Deserialization of untrusted data
11 Jun 201817:29
prion
seebug.org		AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources
6 Apr 201700:00
seebug
Veracode		Remote Code Execution (RCE)
6 Apr 201707:17
veracode
CERT		Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
4 Apr 201700:00
cert
Rows per page
[
  {
    "product": "Flamingo amf-serializer",
    "vendor": "Exadel",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jun 2018 09:57Current
9.6High risk
Vulners AI Score9.6
EPSS0.10592
CWE-913
cve-2017-3202flamingo amf-serializerexadelamf3 deserializersarbitrary class instantiationcode executionjava beans
18