PT-2017-13635 · Branagh · Ers Data System

West Shepherd

Published

2017-09-29

Updated

2020-07-29

CVE-2017-14702

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ERS Data System version 1.8.1.0

Description The issue allows remote attackers to execute arbitrary code. It is related to the deserialization of the com.branaghgroup.ecers.update.UpdateRequest object.

Recommendations For ERS Data System version 1.8.1.0, consider restricting the deserialization of the com.branaghgroup.ecers.update.UpdateRequest object to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2017-14702

Affected Products

Ers Data System

PT-2017-13635 · Branagh · Ers Data System

CVE-2017-14702

Weakness Enumeration

Related Identifiers

Affected Products

References · 4