Published: 20/07/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In Apache Ignite prior to 2.4.8 and 2.5.x prior to 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ignite

Synopsis Important: Red Hat Fuse 72 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...

In Apache Ignite before 248 and 25x before 253, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath The vulnerability can be exploited if the one sends a specially prepared f ...

CWE-502 http://www.securityfocus.com/bid/104911 https://access.redhat.com/errata/RHSA-2018:3768 https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab%40%3Cdev.ignite.apache.org%3E https://access.redhat.com/errata/RHSA-2018:3768 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-8018

CVE-2018-8018

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect