CVE-2023-46604
| CVE Published | 2023-10-27 |
|---|---|
| Related CWE(s) | CWE-502: Deserialization of Untrusted Data |
| Related Vendor(s) | netapp, debian, apache |
| Related Product(s) | e-series_santricity_web_services_proxy, santricity_storage_plugin, e-series_santricity_unified_manager, debian_linux, activemq, activemq_legacy_openwire_module |
| Exploitation Reported (CISA KEV) | 2023-11-02 |
| CVSS 3 Base Score | 10.0 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.
Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2023-46604
Report
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
This cybersecurity advisory from the U.S. Federal Bureau of Investigation (FBI) and its partners, highlights the cyber espionage activities of the ...