PT-2022-3483 · Unknown · Data Center Expert
Published: 2022-06-14 · Updated: 2023-04-03
CVE-2022-32521
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Data Center Expert versions prior to V7.9.0
Description
The issue is a deserialization of untrusted data vulnerability: the web server unsafely deserializes data it receives, which could allow a remote attacker to execute arbitrary code on the server by posting specially crafted data to it.
Recommendations
For versions prior to V7.9.0, update to version V7.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation. Avoid posting unsafely deserialized data to the web server until the issue is resolved.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Data Center Expert