JSCAPE MFT Server <2023.1.9 Unsafe Deserialization on Mgmt Interface
CVE-2023-4528 Published on September 7, 2023
JSCAPE MFT Server Unsafe Deserialization on Management Port
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
Vulnerability Analysis
CVE-2023-4528 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2023-4528 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2023-4528
Want to know whenever a new CVE is published for Redwood Jscape Mft? stack.watch will email you.
Affected Versions
Redwood Software JSCAPE MFT Server:- Before 2023.1.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.