CVE-2019-18283

Name of the Vulnerable Software and Affected Versions SPPA-T3000 Application Server versions prior to Service Pack R8.2 SP2

Description A vulnerability has been identified that allows for remote code execution by sending specifically crafted objects to one of the functions of the AdminService, which is available without authentication on the Application Server. An attacker needs to have access to the Application Highway to exploit this vulnerability. At the time of advisory publication, no public exploitation of this security issue was known. The vulnerability is related to deficiencies in the deserialization mechanism, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For versions prior to Service Pack R8.2 SP2, update to Service Pack R8.2 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AdminService or the Application Highway to minimize the risk of exploitation.