Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
[
{
"cpes": [
"cpe:2.3:h:thorntech:sftp_gateway:-:*:*:*:*:*:*:*"
],
"vendor": "thorntech",
"product": "sftp_gateway",
"versions": [
{
"status": "affected",
"version": "3.4x",
"lessThan": "3.4.4",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]