
44 matches found

Tenable Nessus
added 2023/01/31 12:00 a.m., 85 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0552)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0552 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8, AI score 7.9, EPSS 0.3466
Exploits 31, References 61
Tenable Nessus
added 2023/01/31 12:00 a.m., 46 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0553)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0553 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8, AI score 7.9, EPSS 0.3466
Exploits 31, References 61
Talos
added 2022/10/10 12:00 a.m., 131 views

VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability

Talos Vulnerability Report TALOS-2022-1587 VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability October 10, 2022 CVE Number CVE-2022-31680 SUMMARY An unsafe deserialization vulnerability exists in the Platform Services Controller functionality of VMware vCenter...

CVSS 9.1, AI score 9.6, EPSS 0.03363
Exploits 1
Vulnrichment
added 2022/09/23 12:00 a.m., 9 views

CVE-2022-36944

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...

AI score 7.4, EPSS 0.67806
Exploits 1, References 6
Metasploit
added 2022/08/29 6:02 p.m., 373 views

Zoho Password Manager Pro XML-RPC Java Deserialization

This module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain RCE as the SYSTEM user. Module Options msf use...

CVSS 9.8, AI score 9.5, EPSS 0.94214
Exploits 5
Cvelist
added 2022/04/05 3:37 p.m., 23 views

CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...

AI score 8.3, EPSS 0.00345
Exploits 9, References 1
CVE
added 2022/04/05 3:37 p.m., 225 views

CVE-2020-19229

CVE-2020-19229 affects Jeesite 1.2.7 which bundles Apache Shiro 1.2.3. The issue arises from a Java deserialization vulnerability via the rememberMe parameter when a cipher key is not configured, enabling remote code execution. Public details indicate the root cause is CVE-2016-4437 (Apache Shiro...

CVSS 9.8, AI score 8.2, EPSS 0.00345
In wild; Exploits 9, References 1, Affected Software 1
ATTACKERKB
added 2022/04/05 12:00 a.m., 113 views

CVE-2020-19229

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8, AI score 6.1, EPSS 0.94251
In wild; Exploits 10, References 2
CVE
added 2021/07/22 5:10 p.m., 1202 views

CVE-2021-35464

CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...

CVSS 10, AI score 9.7, EPSS 0.94386
In wild; Exploits 8, References 5, Affected Software 2
Vulnrichment
added 2021/07/22 5:10 p.m., 12 views

CVE-2021-35464

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...

AI score 9.9, EPSS 0.94386
Exploits 8, References 4
ATTACKERKB
added 2021/07/22 12:00 a.m., 252 views

Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...

CVSS 10, AI score 9.8, EPSS 0.94386
In wild; Exploits 8, References 5
Positive Technologies
added 2021/06/29 12:00 a.m., 5 views

PT-2021-5345

Name of the Vulnerable Software and Affected Versions ForgeRock Access Management AM Core Server versions prior to 7.0 ForgeRock OpenAM version 14.6.3 and earlier Description The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...

CVSS 10, AI score 7.8, EPSS 0.94386
Exploits 8, References 43
Metasploit
added 2021/03/12 5:41 p.m., 70 views

Apache OFBiz XML-RPC Java Deserialization

This module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.01 using the ROME gadget chain. Versions up to 18.12.11 are exploitable utilizing an auth bypass CVE-2023-51467 and use the...

CVSS 9.8, AI score 8.2, EPSS 0.93996
Exploits 31
OpenVAS
added 2020/07/24 12:00 a.m., 22 views

Liferay Portal <= 7.1.3, 7.2.x <= 7.2.1 Multiple Vulnerabilities

Liferay Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:liferay:liferayportal"; if...

CVSS 8.8, AI score 7.8, EPSS 0.0057
Exploits 0, References 3
0daydb
added 2020/06/28 1:09 a.m., 296 views

Inductive Automation Ignition - Remote Code Execution

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA... This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Inductive Automation Ignition...

CVSS 6.8, AI score 0.6, EPSS 0.7541
Exploits 14
myhack58
added 2019/05/25 12:00 a.m., 337 views

The Java deserialization remote execution vulnerability is actually this simple - vulnerability warning - the black bar safety net

Here we introduce the principles of the remote code execution vulnerability caused by Java deserialization. To keep the description simple, the operation is carried out without introducing any third-party library, in the hope that it still achieves the intended effect. There are 3 main parts: The Java...

AI score 1.5
Exploits 0
NVD
added 2018/07/25 3:29 p.m., 20 views

CVE-2017-10934

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections ACC library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...

CVSS 9.8, AI score 9.8, EPSS 0.0709
Exploits 0, References 1
CVE
added 2018/07/25 3:00 p.m., 44 views

CVE-2017-10934

This CVE (CVE-2017-10934) affects ZTE ZXIPTV-EPG prior to version 5.09.02.02T4. The issue stems from the Java RMI service using the Apache Commons Collections library, leading to Java deserialization vulnerabilities. An unauthenticated remote attacker could trigger code execution on the target ho...

CVSS 9.8, AI score 9.7, EPSS 0.0709
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2018/06/17 3:13 p.m., 25 views

Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect for Virtual Environments and the IBM Tivoli Storage FlashCopy Manager for VMware IBM...

CVSS 10, AI score 2.1, EPSS 0.93274
Exploits 10, Affected Software 2
IBM Security Bulletins
added 2018/06/17 3:13 p.m., 35 views

Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for Application Diagnostics Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker...

CVSS 10, AI score 1.7, EPSS 0.93274
Exploits 10, Affected Software 1