← back
CVE-2023-4528

JSCAPE MFT Server Unsafe Deserialization on Management Port

CVSS 7.2 HIGHEPSS 27.1%CWE-502
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 27.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Sep 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Redwood Software · JSCAPE MFT Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/