348 matches found

IBM Security Bulletins
added 2021/12/08 8:39 p.m., 22 views

Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450)

Summary: IBM TRIRIGA Platform is vulnerable to a Java Object De-Serialization Vulnerability. Vulnerability Details: CVEID: CVE-2015-7450. CVSS Base Score: 9.80. CVSS Temporal Score: See X-Force for the current score. CVSS Environmental Score: Undefined. CVSS Vector:...

CVSS 10 | AI score 8.8 | EPSS 0.97655
Exploits 10 | Affected Software 1
OSV
added 2021/12/07 9:21 p.m., 20 views

GHSA-6R7C-6W96-8PVW Remote Code Execution in AjaxNetProfessional

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. Description: Serialization is a process of converting an object into a sequence of...

CVSS 9.8 | AI score 9.3 | EPSS 0.88402
Exploits 2 | References 6
NVD
added 2021/10/12 10:15 a.m., 19 views

CVE-2021-33728

A vulnerability has been identified in SINEC NMS (all versions before V1.0 SP2 Update 1). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

CVSS 9 | EPSS 0.01502
Exploits 0 | References 1
Cvelist
added 2021/10/12 9:49 a.m., 13 views

CVE-2021-33728

A vulnerability has been identified in SINEC NMS (all versions before V1.0 SP2 Update 1). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

AI score 7.9 | EPSS 0.01502
Exploits 0 | References 1
OSV
added 2021/08/05 8:15 p.m., 29 views

CVE-2021-34371

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

CVSS 9.8 | AI score 8.2 | EPSS 0.13386
Exploits 1 | References 1
CVE
added 2021/08/05 7:35 p.m., 125 views

CVE-2021-34371

Summary of the issue (CVE-2021-34371): Neo4j up to version 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, such as via setSessionVariable. This can enable remote code execution because gadget chains exist in the affected environment. In pr...

CVSS 9.8 | AI score 9.8 | EPSS 0.13386
Exploits 1 | References 1 | Affected Software 1
OSV
added 2021/06/02 1:15 p.m., 1 view

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...

CVSS 8.8 | AI score 5.8
Exploits 0 | References 1
GithubExploit
added 2021/04/30 6:55 a.m., 659 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...

CVSS 6.1 | AI score 7.5 | EPSS 0.98926
Exploits 16
Prion
added 2021/01/28 8:15 p.m., 14 views

Deserialization of untrusted data

Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server...

CVSS 7.5 | AI score 9.6 | EPSS 0.04673
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2021/01/12 12:00 a.m., 3 views

Smartbear Collaborator Server Operating System Command Injection Vulnerability

Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...

CVSS 9 | AI score 7.3 | EPSS 0.03761
Exploits 0 | References 1
CNNVD
added 2021/01/11 12:00 a.m., 4 views

Smartbear Collaborator Server Operating System Command Injection Vulnerability

Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...

CVSS 9 | AI score 7.5 | EPSS 0.03761
Exploits 0 | References 4
NVD
added 2020/11/17 4:15 a.m., 16 views

CVE-2020-27131

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...

CVSS 10 | AI score 9 | EPSS 0.87719
Exploits 0 | References 1
Prion
added 2020/11/17 4:15 a.m., 21 views

Deserialization of untrusted data

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...

CVSS 10 | AI score 9.7 | EPSS 0.87719
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/11/17 3:10 a.m., 17 views

CVE-2020-27131 Cisco Security Manager Java Deserialization Vulnerabilities

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...

CVSS 8.1 | AI score 9.9 | EPSS 0.87719
Exploits 0 | References 1
0day.today
added 2020/09/22 12:00 a.m., 56 views

Jenkins 2.56 CLI Deserialization / Code Execution Exploit

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...

CVSS 4.5 | AI score 0.3 | EPSS 0.99686
Exploits 46
NVD
added 2020/07/09 2:15 a.m., 26 views

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using the Java Reflection API from JavaScript code on WebView...

CVSS 8.1 | EPSS 0.01996
Exploits 0 | References 1
Japan Vulnerability Notes
added 2020/07/08 12:00 a.m., 104 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains a vulnerability which may allow arbitrary Java method execution (CWE-749) due to inadequate restrictions on addJavascriptInterface of the WebView class. Impact: An arbitrary method of a Java object may be executed by a remote attacker...

CVSS 8.1 | AI score 8.1 | EPSS 0.01996
Exploits 0
Tenable Nessus
added 2020/07/02 12:00 a.m., 200 views

Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)

Binary data oracleweblogicservercve20202883.nbin...

CVSS 9.8 | AI score 9.7 | EPSS 0.94928
Exploits 11 | References 2
Metasploit
added 2020/06/01 2:41 p.m., 82 views

WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp

There exists a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator...

CVSS 9.8 | AI score 8.2 | EPSS 0.94928
Exploits 11
CNVD
added 2020/05/14 12:00 a.m., 1 view

Tyler Technologies TylerTech Eagle Code Issue Vulnerability

Tyler Technologies TylerTech Eagle is a suite of land and official records management solutions from Tyler Technologies, USA. The product supports features such as land records management, public records self-service access, and property records management. A security vulnerability exists in Tyle...

CVSS 8.8 | AI score 7.4 | EPSS 0.11389
Exploits 2 | References 1