Apache · Apache Commons · CVE-2017-9830
**Name of the Vulnerable Software and Affected Versions**
Code42 CrashPlan version 5.4.x
**Description**
The issue allows for Remote Code Execution in the affected software via the org.apache.commons.ssl.rmi.DateRMI Java class. Upon instantiation, this class creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
**Recommendations**
For Code42 CrashPlan version 5.4.x, consider disabling the use of the org.apache.commons.ssl.rmi.DateRMI Java class until a patch is available to prevent Remote Code Execution. Restrict access to the RMI server to minimize the risk of exploitation.