Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution

Summary Apache MINA Core is used by IBM App Connect Professional CVE-2024-52046 Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security...

K000149722: Apache MINA vulnerability CVE-2024-52046

Security Advisory Description The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending...

The vulnerability of the ObjectSerializationDecoder decoder in the Apache MINA Java networking framework allows a attacker to execute arbitrary code.

The vulnerability of the ObjectSerializationDecoder decoder in the Apache MINA Java networking framework is related to the restoration of unreliable data due to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

Remote Code Execution (RCE)

Apache MINA is vulnerable to Remote code execution RCE. The vulnerability is due to lack of necessary security checks and defenses in the ObjectSerializationDecoder, which uses Java’s native deserialization protocol. It allows attackers to exploit the deserialization process by sending malicious...

UBUNTU-CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVE-2024-52046

CVE-2024-52046 affects Apache MINA ObjectSerializationDecoder deserializing data via Java’s native protocol. Affected MINA core versions: 2.0.x, 2.1.x, 2.2.x; fixed in MINA core releases 2.0.27, 2.1.10 and 2.2.4. The issue only matters if IoBuffer#getObject() is invoked (e.g., when a ProtocolCode...

CVE-2024-52046 Apache MINA: MINA applications using unbounded deserialization may allow RCE

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...