PT-2023-17438 · Datagear · Datagear
Yangyanglo
·
Published
2023-04-14
·
Updated
2024-09-16
·
CVE-2023-2042
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DataGear versions up to 4.7.0/5.1.0
Description
A problematic issue has been found in the JDBC Server Handler component of DataGear, allowing for deserialization through manipulation. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond.
Recommendations
For versions up to 4.7.0/5.1.0, consider disabling the JDBC Server Handler component until a patch is available. Restrict access to the component to minimize the risk of exploitation. Avoid using the affected functionality of the JDBC Server Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Datagear