PT-2023-30342 · Pivotal · Spring Framework
Published: 2023-10-31 · Updated: 2023-11-08
CVE-2023-47174
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Thorn SFTP gateway versions 3.4.x through 3.4.3
Description
Thorn SFTP gateway uses Pivotal Spring Framework for Java deserialization of untrusted data, a use that Pivotal does not support. This leads to remote code execution within the context of Thorn SFTP gateway.
Recommendations
For Thorn SFTP gateway versions 3.4.x through 3.4.3, update to version 3.4.4 or later to resolve the issue.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Spring Framework