CVE-2023-45146

Remote code execution in XXL-RPC

CVSS 9.1 CRITICAL · EPSS 1.0% · CWE-502
Vexday Risk Score
28 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 9.1 · EPSS 1.0% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
18 Oct 2023: Published in NVD
Recommendation: Monitor; no sign of exploitation at the moment.
XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running on by way of remote code execution. This issue has not been fixed.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
xuexueli · xxl-rpc
