CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-47174

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/

Products affected by CVE-2023-47174

Thorntech » Sftp Gateway » Version: N/A

cpe:2.3:h:thorntech:sftp_gateway:-
Thorntech » Sftp Gateway Firmware » Version: 3.4.0

cpe:2.3:o:thorntech:sftp_gateway_firmware:3.4.0
Thorntech » Sftp Gateway Firmware » Version: 3.4.1

cpe:2.3:o:thorntech:sftp_gateway_firmware:3.4.1
Thorntech » Sftp Gateway Firmware » Version: 3.4.2

cpe:2.3:o:thorntech:sftp_gateway_firmware:3.4.2
Thorntech » Sftp Gateway Firmware » Version: 3.4.3

cpe:2.3:o:thorntech:sftp_gateway_firmware:3.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-47174

Products

Pricing

Contact Us