Thorn SFTP Gateway 3.4.x RCE via Spring Deserialization
CVE-2023-47174 Published on October 31, 2023

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.

NVD

Exploit Probability

EPSS

3.23%

Percentile

87.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Thorn SFTP Gateway 3.4.x RCE via Spring DeserializationCVE-2023-47174 Published on October 31, 2023

Exploit Probability

Thorn SFTP Gateway 3.4.x RCE via Spring Deserialization
CVE-2023-47174 Published on October 31, 2023