2 matches found
Deserialization of untrusted data
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint...
CVE-2020-27868
CVE-2020-27868 affects Qognify Ocularis 5.9.0.395. The root cause is insecure deserialization of untrusted data handled by the EventCoordinator’s connected-channel path, enabling remote code execution with SYSTEM privileges. Multiple connected sources (Red Hat, Checkpoint/PRION, NVD, ZDI, CVE lis...