Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution

Summary Apache MINA Core is used by IBM App Connect Professional CVE-2024-52046 Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security...

K000149722: Apache MINA vulnerability CVE-2024-52046

Security Advisory Description The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending...

Remote Code Execution (RCE)

Apache MINA is vulnerable to Remote code execution RCE. The vulnerability is due to lack of necessary security checks and defenses in the ObjectSerializationDecoder, which uses Java’s native deserialization protocol. It allows attackers to exploit the deserialization process by sending malicious...

UBUNTU-CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046

CVE-2024-52046 affects Apache MINA ObjectSerializationDecoder deserializing data via Java’s native protocol. Affected MINA core versions: 2.0.x, 2.1.x, 2.2.x; fixed in MINA core releases 2.0.27, 2.1.10 and 2.2.4. The issue only matters if IoBuffer#getObject() is invoked (e.g., when a ProtocolCode...