CVE-2023-45146
Remote code execution in XXL-RPC
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.1EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
18 out 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
xuexueli · xxl-rpcQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →