PT-2020-13059 · Furukawa+1 · Furukawa Provisioning Systems+1

Published: 2020-04-26 · Updated: 2020-10-23 · CVE-2020-12133

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apros Evolution versions through 2.8.1
ConsciusMap versions through 2.8.1
Furukawa provisioning systems versions through 2.8.1

Description

The issue allows remote code execution due to Java deserialization in javax.faces.ViewState.

Recommendations

For Apros Evolution versions through 2.8.1, consider disabling the javax.faces.ViewState Java deserialization until a patch is available.
For ConsciusMap versions through 2.8.1, restrict access to the affected systems to minimize the risk of exploitation.
For Furukawa provisioning systems versions through 2.8.1, avoid using the vulnerable Java deserialization in javax.faces.ViewState until the issue is resolved.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2020-12133

Affected Products

Furukawa Provisioning Systems
Java