Published: 23/05/2018 Updated: 25/06/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Affected Products

Vendor | Product | Versions
Citrix | Xenmobile Server | 10.7, 10.8

Vendor Advisories

A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in Citr ...

Github Repositories

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary): Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect; Vulnerable apps (without