Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:43276
HistorySep 14, 2023 - 8:35 a.m.

Remote Code Execution

2023-09-1408:35:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
remote code execution
openrefine
rdbms
jdbc
mysql
deserialization

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

75.5%

JSON

org.openrefine, database is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by not validating or sanitizing/escaping the JDBC connection url used while importing data from RDBMS. This can cause an unauthenticated attacker to run arbritrary code on the openfire server by using existing JDBC connection url attacks like MySQL JDBC Deserialization attack using autoDeserialize and queryInterceptors parameters in the JDBC connection string.

Related

osv 3
prion 1
vulnrichment 1
ubuntucve 1
cve 1
github 2
cvelist 1
debiancve 1
nvd 1
osv
osv
OpenRefine Remote Code execution in project import with mysql jdbc url attack
2023-09-12 13:52:54
CVE-2023-41887
2023-09-15 21:15:11
OpenRefine JDBC Attack Vulnerability
2024-02-12 15:08:48
prion
prion
Remote code execution
2023-09-15 21:15:00
vulnrichment
vulnrichment
CVE-2023-41887 Remote Code exec in project import with mysql jdbc url attack
2023-09-15 20:06:55
ubuntucve
ubuntucve
CVE-2023-41887
2023-09-15 00:00:00
cve
cve
CVE-2023-41887
2023-09-15 21:15:11
github
github
OpenRefine Remote Code execution in project import with mysql jdbc url attack
2023-09-12 13:52:54
OpenRefine JDBC Attack Vulnerability
2024-02-12 15:08:48
cvelist
cvelist
CVE-2023-41887 Remote Code exec in project import with mysql jdbc url attack
2023-09-15 20:06:55
debiancve
debiancve
CVE-2023-41887
2023-09-15 21:15:11
nvd
nvd
CVE-2023-41887
2023-09-15 21:15:11

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

75.5%

JSON
Related for VERACODE:43276
osv3prion1vulnrichment1ubuntucve1cve1github2cvelist1debiancve1nvd1