CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-4521

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
https://bugzilla.redhat.com/show_bug.cgi?id=1027052
https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec
http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
https://bugzilla.redhat.com/show_bug.cgi?id=1027052
https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec

Products affected by CVE-2013-4521

Nuxeo » Nuxeo » Version: 5.6.0

cpe:2.3:a:nuxeo:nuxeo:5.6.0
Nuxeo » Nuxeo » Version: 5.8.0

cpe:2.3:a:nuxeo:nuxeo:5.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4521

Products

Pricing

Contact Us