Remote Code Execution (RCE)

🗓️ 08 Jan 2025 05:50:15Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 15 Views

Apache MINA is vulnerable to Remote Code Execution due to insecure ObjectSerializationDecoder checks.

Reporter	Title	Published	Views	Family All 63
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)	27 Mar 202516:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in org.apache.mina_mina-core affects IBM Db2 Data Management Console(CVE-2024-52046)	23 Jul 202520:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for April 2025 - Multiple CVEs addressed	7 May 202520:48	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization	23 Jun 202511:51	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution	15 Apr 202504:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in XStream and Apache MINA might affect IBM Storage Defender Copy Data Management.	16 May 202519:22	–	ibm
ATTACKERKB	CVE-2026-42778	1 May 202610:01	–	attackerkb
ATTACKERKB	CVE-2026-41409	27 Apr 202609:20	–	attackerkb
Chainguard	CVE-2024-52046 vulnerabilities	25 Dec 202410:15	–	cgr
Circl	CVE-2024-52046	25 Dec 202404:11	–	circl

Vulners

Node

apache mina-coreRange2.2.0–2.2.3java

apache mina-coreRange2.1.0–2.1.9java

apache mina-coreRange2.0.0-M1–2.0.26java

apache mina-coreMatch2.2.0java

apache mina-coreMatch2.2.1java

apache mina-coreMatch2.2.2java

apache mina-coreMatch2.1.0java

apache mina-coreMatch2.1.1java

apache mina-coreMatch2.1.2java

apache mina-coreMatch2.1.3java

apache mina-coreMatch2.1.4java

apache mina-coreMatch2.1.5java

apache mina-coreMatch2.1.6java

apache mina-coreMatch2.1.7java

apache mina-coreMatch2.1.8java

apache mina-coreMatch2.0.0java

apache mina-coreMatch2.0.0-m1java

apache mina-coreMatch2.0.0-m2java

apache mina-coreMatch2.0.0-m3java

apache mina-coreMatch2.0.0-m4java

apache mina-coreMatch2.0.0-m5java

apache mina-coreMatch2.0.0-m6java

apache mina-coreMatch2.0.0-rc1java

apache mina-coreMatch2.0.1java

apache mina-coreMatch2.0.10java

apache mina-coreMatch2.0.11java

apache mina-coreMatch2.0.12java

apache mina-coreMatch2.0.13java

apache mina-coreMatch2.0.14java

apache mina-coreMatch2.0.15java

apache mina-coreMatch2.0.16java

apache mina-coreMatch2.0.17java

apache mina-coreMatch2.0.18java

apache mina-coreMatch2.0.19java

apache mina-coreMatch2.0.2java

apache mina-coreMatch2.0.20java

apache mina-coreMatch2.0.21java

apache mina-coreMatch2.0.22java

apache mina-coreMatch2.0.23java

apache mina-coreMatch2.0.24java

apache mina-coreMatch2.0.25java

apache mina-coreMatch2.0.3java

apache mina-coreMatch2.0.4java

apache mina-coreMatch2.0.5java

apache mina-coreMatch2.0.6java

apache mina-coreMatch2.0.7java

apache mina-coreMatch2.0.8java

apache mina-coreMatch2.0.9java

Source	Link
openwall	www.openwall.com/lists/oss-security/2024/12/25/1
security	www.security.netapp.com/advisory/ntap-20250103-0001
lists	www.lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-52046
github	www.github.com/apache/mina

13 Dec 2025 04:32Current

7.8High risk

Vulners AI Score7.8

CVSS 3.19.8

CVSS 410

EPSS0.55384

SSVC