CVE-2016-8648 vulnerability in Red Hat Products
Published on August 1, 2018
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x and Red Hat JBoss A-MQ 6.x deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contains deserialization gadgets in its classpath.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2016-8648 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2016-8648
Affected Versions
Apache Software Foundation Karaf, version as shipped with JBoss Fuse 6.x, is affected by CVE-2016-8648.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.