Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2017-3202

🗓️ 11 Jun 2018 17:00:29Reported by [email protected]Type 
nvd
 nvd🔗 web.nvd.nist.gov👁 13 Views

The Flamingo amf-serializer in Exadel Java implementation version 2.2.0 allows arbitrary class instantiation and Java Beans setter method calls, leading to potential remote code execution

Related
Detection
Refs
ReporterTitlePublishedViews
Family
OSV		Deserialization of Untrusted Data in Flamingo amf-serializer
13 May 202201:36
osv
CVE		CVE-2017-3202
11 Jun 201817:29
cve
Veracode		Remote Code Execution (RCE)
6 Apr 201707:17
veracode
Prion		Deserialization of untrusted data
11 Jun 201817:29
prion
Github Security Blog		Deserialization of Untrusted Data in Flamingo amf-serializer
13 May 202201:36
github
Cvelist		CVE-2017-3202 The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control
11 Jun 201817:00
cvelist
seebug.org		AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources
6 Apr 201700:00
seebug
myhack58		Java AMF3 exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
7 Apr 201700:00
myhack58
CERT		Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
4 Apr 201700:00
cert
Nvd
Node
exadelflamingoMatch2.2.0

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Jun 2018 17:29Current
9.5High risk
Vulners AI Score9.5
CVSS27.5
CVSS39.8
EPSS0.11459
CWE-913CWE-502
flamingo amf-serializerexadeljava implementationarbitrary class instantiationjava beans setter methodsremote code execution
13
.json
Report