Vulnerability Details CVE-2023-4528
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
Exploit prediction scoring system (EPSS) score
EPSS Score 0.271
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 7.2
References
- https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
- https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/
- https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
- https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/
Products affected by CVE-2023-4528
-
cpe:2.3:a:redwood:jscape_mft:*