Vulnerabilities in Exadel
3 resultsCVE-2017-3202—The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code controlEPSS 8.2%CVE-2017-3201—Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserializationEPSS 5.4%CVE-2017-3206—The Action Message Format (AMF3) deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messagesEPSS 3.7%