Vulnerability Details CVE-2023-4528
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
Exploit prediction scoring system (EPSS) score
EPSS Score 0.258
EPSS Ranking 96.0%
CVSS Severity
CVSS v3 Score 7.2
References
- https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
- https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/
- https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528
- https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/
Products affected by CVE-2023-4528
-
cpe:2.3:a:redwood:jscape_mft:*