CVE-2023-4528

Name of the Vulnerable Software and Affected Versions JSCAPE MFT Server versions prior to 2023.1.9

Description The issue is related to unsafe deserialization in the JSCAPE MFT Server, which allows an attacker to execute arbitrary Java code, including OS commands, via its management interface. This can be achieved by sending a specially crafted Java object in XML encoding. The estimated number of potentially affected devices worldwide is around 1,129, according to ZoomEye.

Recommendations For versions prior to 2023.1.9, update to version 2023.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation. Avoid using the vulnerable deserialization mechanism until the issue is resolved.