CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4801 vulnerabilities reference this CWE, most recent first.
CVE-2023-6654 (GCVE-0-2023-6654)
Vulnerability from cvelistv5 – Published: 2023-12-10 15:00 – Updated: 2024-08-28 15:18- CWE-502 - Deserialization
| URL | Tags |
|---|---|
| https://vuldb.com/?id.247357 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.247357 | signaturepermissions-required |
| https://note.zhaoj.in/share/jw4Hp9cq7T69 | broken-linkexploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.247357"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.247357"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpems:phpems:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpems",
"vendor": "phpems",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:16:17.964371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:18:27.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Session Data Handler"
],
"product": "PHPEMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.x"
},
{
"status": "affected",
"version": "7.x"
},
{
"status": "affected",
"version": "8.x"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "glzjin (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "glzjin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In PHPEMS 6.x/7.x/8.x/9.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek lib/session.cls.php der Komponente Session Data Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:26:05.925Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.247357"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.247357"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://note.zhaoj.in/share/jw4Hp9cq7T69"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-09T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-12-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-11T16:41:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPEMS Session Data session.cls.php deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6654",
"datePublished": "2023-12-10T15:00:05.030Z",
"dateReserved": "2023-12-09T20:39:55.056Z",
"dateUpdated": "2024-08-28T15:18:27.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6580 (GCVE-0-2023-6580)
Vulnerability from cvelistv5 – Published: 2023-12-07 21:31 – Updated: 2024-08-02 08:35- CWE-502 - Deserialization
| URL | Tags |
|---|---|
| https://vuldb.com/?id.247161 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.247161 | signaturepermissions-required |
| https://github.com/c2dc/cve-reported/blob/main/CV… | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.247161"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.247161"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"QoS POST Handler"
],
"product": "DIR-846",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "FW100A53DBR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fran\u00e7oa Taffarel"
},
{
"lang": "en",
"type": "analyst",
"value": "francoa.taffarel (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DIR-846 FW100A53DBR gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /HNAP1/ der Komponente QoS POST Handler. Mit der Manipulation des Arguments smartqos_express_devices/smartqos_normal_devices mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T21:31:05.210Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.247161"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.247161"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-12T00:00:00.000Z",
"value": "Exploit disclosed"
},
{
"lang": "en",
"time": "2023-12-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-07T16:17:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-846 QoS POST deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6580",
"datePublished": "2023-12-07T21:31:05.210Z",
"dateReserved": "2023-12-07T13:14:19.386Z",
"dateUpdated": "2024-08-02T08:35:14.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5583 (GCVE-0-2023-5583)
Vulnerability from cvelistv5 – Published: 2023-10-30 13:48 – Updated: 2026-04-08 16:35- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| maca134 | WP Simple Galleries |
Affected:
0 , ≤ 1.34
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:31.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:34:33.906895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:56:31.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Simple Galleries",
"vendor": "maca134",
"versions": [
{
"lessThanOrEqual": "1.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the \u0027wpsimplegallery_gallery\u0027 post meta via \u0027wpsgallery\u0027 shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:20.142Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-simple-galleries/tags/1.34/wp-simple-gallery.php#L250"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-13T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-10-13T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-10-29T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Simple Galleries \u003c= 1.34 - Authenticated (Contributor+) PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5583",
"datePublished": "2023-10-30T13:48:45.699Z",
"dateReserved": "2023-10-13T22:35:07.689Z",
"dateUpdated": "2026-04-08T16:35:20.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5391 (GCVE-0-2023-5391)
Vulnerability from cvelistv5 – Published: 2023-10-04 18:13 – Updated: 2025-02-27 20:46- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power Operation (EPO) with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power SCADA Operation with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:43.582116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:46:31.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
}
],
"datePublic": "2023-10-10T17:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T08:25:11.967Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5391",
"datePublished": "2023-10-04T18:13:00.746Z",
"dateReserved": "2023-10-04T17:50:08.965Z",
"dateUpdated": "2025-02-27T20:46:31.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5183 (GCVE-0-2023-5183)
Vulnerability from cvelistv5 – Published: 2023-09-26 21:29 – Updated: 2024-09-24 13:43- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Illumio | Core PCE |
Affected:
19.3.0 , ≤ 19.3.6
(release train)
Affected: 21.2.0 , ≤ 21.2.7 (release train) Affected: 21.5.0 , ≤ 21.5.35 (release train) Affected: 22.2.0 , ≤ 22.2.41 (release train) Affected: 22.5.0 , ≤ 22.5.30 (release train) Affected: 23.2.0 , ≤ 23.2.10 (release train) |
|
| illumio | core_policy_compute_engine |
Affected:
19.3.0 , ≤ 19.3.6
(custom)
Affected: 21.2.0 , ≤ 21.2.7 (custom) Affected: 21.5.0 , ≤ 21.5.35 (custom) Affected: 22.2.0 , ≤ 22.2.41 (custom) Affected: 22.5.0 , ≤ 22.5.30 (custom) Affected: 23.2.0 , ≤ 23.2.10 (custom) cpe:2.3:a:illumio:core_policy_compute_engine:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:illumio:core_policy_compute_engine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "core_policy_compute_engine",
"vendor": "illumio",
"versions": [
{
"lessThanOrEqual": "19.3.6",
"status": "affected",
"version": "19.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "21.2.7",
"status": "affected",
"version": "21.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "21.5.35",
"status": "affected",
"version": "21.5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "22.2.41",
"status": "affected",
"version": "22.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "22.5.30",
"status": "affected",
"version": "22.5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "23.2.10",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:35:49.225388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:43:17.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"PCE"
],
"platforms": [
"Linux"
],
"product": "Core PCE",
"vendor": "Illumio",
"versions": [
{
"lessThanOrEqual": "19.3.6",
"status": "affected",
"version": "19.3.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "21.2.7",
"status": "affected",
"version": "21.2.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "21.5.35",
"status": "affected",
"version": "21.5.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "22.2.41",
"status": "affected",
"version": "22.2.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "22.5.30",
"status": "affected",
"version": "22.5.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "23.2.10",
"status": "affected",
"version": "23.2.0",
"versionType": "release train"
}
]
}
],
"datePublic": "2023-09-26T21:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUnsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE\u2019s operating system user. \u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE\u2019s operating system user. \u00a0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T23:41:08.564Z",
"orgId": "ea070963-4842-4451-bceb-906a17f8dc69",
"shortName": "Illumio"
},
"references": [
{
"url": "https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpgrade to the latest release for a given major version. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Upgrade to the latest release for a given major version. \n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated RCE due to unsafe JSON deserialization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea070963-4842-4451-bceb-906a17f8dc69",
"assignerShortName": "Illumio",
"cveId": "CVE-2023-5183",
"datePublished": "2023-09-26T21:29:36.575Z",
"dateReserved": "2023-09-25T18:22:12.952Z",
"dateUpdated": "2024-09-24T13:43:17.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5016 (GCVE-0-2023-5016)
Vulnerability from cvelistv5 – Published: 2023-09-17 02:00 – Updated: 2024-08-02 07:44- CWE-502 - Deserialization
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239857 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239857 | signaturepermissions-required |
| https://github.com/bayuncao/vul-cve | broken-link |
| https://github.com/bayuncao/vul-cve/blob/main/spi… | broken-linkexploit |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | spider-flow |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239857"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239857"
},
{
"tags": [
"broken-link",
"x_transferred"
],
"url": "https://github.com/bayuncao/vul-cve"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/bayuncao/vul-cve/blob/main/spider-flow%20fastjson%20jdbc%20deserialization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "spider-flow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "bayuncao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In spider-flow bis 0.5.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion DriverManager.getConnection der Datei src/main/java/org/spiderflow/controller/DataSourceController.java der Komponente API. Mit der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T08:02:34.960Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239857"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239857"
},
{
"tags": [
"broken-link"
],
"url": "https://github.com/bayuncao/vul-cve"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/bayuncao/vul-cve/blob/main/spider-flow%20fastjson%20jdbc%20deserialization"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-16T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T14:07:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "spider-flow API DataSourceController.java DriverManager.getConnection deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5016",
"datePublished": "2023-09-17T02:00:06.688Z",
"dateReserved": "2023-09-16T06:43:13.210Z",
"dateUpdated": "2024-08-02T07:44:53.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4528 (GCVE-0-2023-4528)
Vulnerability from cvelistv5 – Published: 2023-09-07 17:39 – Updated: 2025-04-23 16:17- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| Redwood Software | JSCAPE MFT Server |
Affected:
0 , < 2023.1.9
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:08.244906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:17:27.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "JSCAPE MFT Server",
"vendor": "Redwood Software",
"versions": [
{
"lessThan": "2023.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-07T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsafe deserialization in JSCAPE MFT Server versions prior to\u0026nbsp;2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\u003cbr\u003e"
}
],
"value": "Unsafe deserialization in JSCAPE MFT Server versions prior to\u00a02023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T17:39:42.355Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528"
},
{
"url": "https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JSCAPE MFT Server Unsafe Deserialization on Management Port",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-4528",
"datePublished": "2023-09-07T17:39:42.355Z",
"dateReserved": "2023-08-24T20:16:59.319Z",
"dateUpdated": "2025-04-23T16:17:27.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4402 (GCVE-0-2023-4402)
Vulnerability from cvelistv5 – Published: 2023-10-20 06:35 – Updated: 2026-04-08 16:40- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| wpdevteam | Essential Blocks Pro |
Affected:
0 , ≤ 1.1.0
(semver)
|
|
| wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns |
Affected:
0 , ≤ 4.2.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:35:04.501670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:11:12.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Essential Blocks Pro",
"vendor": "wpdevteam",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
"vendor": "wpdevteam",
"versions": [
{
"lessThanOrEqual": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:40:54.661Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-17T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-09-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Essential Blocks \u003c= 4.2.0 - Unauthenticated PHP Object Injection via products"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4402",
"datePublished": "2023-10-20T06:35:10.640Z",
"dateReserved": "2023-08-17T15:45:30.445Z",
"dateUpdated": "2026-04-08T16:40:54.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4386 (GCVE-0-2023-4386)
Vulnerability from cvelistv5 – Published: 2023-10-20 07:29 – Updated: 2026-04-08 17:15- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| wpdevteam | Essential Blocks Pro |
Affected:
0 , ≤ 1.1.0
(semver)
|
|
| wpdevteam | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns |
Affected:
0 , ≤ 4.2.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:34:54.889423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:05:05.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Essential Blocks Pro",
"vendor": "wpdevteam",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
"vendor": "wpdevteam",
"versions": [
{
"lessThanOrEqual": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:15:32.371Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-17T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-09-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Essential Blocks \u003c= 4.2.0 - Unauthenticated PHP Object Injection via queries"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4386",
"datePublished": "2023-10-20T07:29:27.908Z",
"dateReserved": "2023-08-16T16:39:20.561Z",
"dateUpdated": "2026-04-08T17:15:32.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3513 (GCVE-0-2023-3513)
Vulnerability from cvelistv5 – Published: 2023-07-14 04:49 – Updated: 2024-10-31 15:43| URL | Tags |
|---|---|
| https://starlabs.sg/advisories/23/23-3513/ | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Razer | Razer Central |
Affected:
0 , ≤ 7.11.0.558
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/23/23-3513/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3513",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T15:43:23.950643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:43:30.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"RazerCentralSerivce"
],
"platforms": [
"Windows"
],
"product": "Razer Central",
"vendor": "Razer",
"versions": [
{
"lessThanOrEqual": "7.11.0.558",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Phan Thanh Duy (@PTDuy) of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral \u0026lt;=7.11.0.558 on Windows allows a malicious actor with local access to\u0026nbsp;gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization."
}
],
"value": "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral \u003c=7.11.0.558 on Windows allows a malicious actor with local access to\u00a0gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T04:49:59.445Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/23/23-3513/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RazerCentralService Unsafe Deserialization Escalation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2023-3513",
"datePublished": "2023-07-14T04:49:59.445Z",
"dateReserved": "2023-07-05T08:39:02.308Z",
"dateUpdated": "2024-10-31T15:43:30.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.