CVE-2023-46604

NVD Published Date: October 27, 2023 at 03:15 PM
NVD Last Modified: June 27, 2024 at 06:30 PM
Vulnerability ID: CVE-2023-46604
Severity: CRITICAL
Severity Score: 9.8
Summary: The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-502
