Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
670
VMScore

CVE-2017-5641

Published: 28/12/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Flex Blazeds

Vulnerability Summary

Previous versions of Apache Flex BlazeDS (4.7.2 and previous versions) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an malicious user to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache flex blazeds

hp xp command view advanced edition

Exploits

Exploit DB: Cisco ISE 2.4.0 XSS / Remote Code Execution
Cisco Identity Services Engine (ISE) version 240 suffers from cross site scripting, java deserialization, and in conjunction can lead to remote code execution Full exploit provided ...

References

CWE-502https://www.kb.cert.org/vuls/id/307983https://issues.apache.org/jira/browse/FLEX-35290http://www.securitytracker.com/id/1038273http://www.securityfocus.com/bid/97383https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_ushttps://www.zerodayinitiative.com/advisories/ZDI-22-507/https://www.zerodayinitiative.com/advisories/ZDI-22-506/http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746%40c-ware.de%3Ehttps://nvd.nist.govhttps://packetstormsecurity.com/files/151535/Cisco-ISE-2.4.0-XSS-Remote-Code-Execution.htmlhttps://www.kb.cert.org/vuls/id/307983
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook