CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers
2,435 results
CVE-2020-4449 7.5 HIGH EPSS 0.01
IBM WebSphere Application Server < 7.0.0.45 - Insecure Deserialization
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
CWE-502 Jun 05, 2020
CVE-2020-4448 9.8 CRITICAL EPSS 0.16
IBM WebSphere Application Server < 8.5.5.18 - Insecure Deserialization
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
CWE-502 Jun 05, 2020
CVE-2020-7660 8.1 HIGH 1 Writeup EPSS 0.03
Verizon Serialize-javascript < 3.1.0 - Insecure Deserialization
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
CWE-502 Jun 01, 2020
CVE-2020-12390 9.8 CRITICAL EPSS 0.01
Firefox <76 - SSRF
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.
CWE-502 May 26, 2020
CVE-2020-3280 9.8 CRITICAL EPSS 0.06
Cisco Unified CCX - Code Injection
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.
CWE-502 May 22, 2020
CVE-2018-21234 9.8 CRITICAL 1 Writeup EPSS 0.25
Jodd < 5.0.4 - Insecure Deserialization
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
CWE-502 May 21, 2020
CVE-2020-9484 7.0 HIGH 20 PoCs Analysis NUCLEI EPSS 0.93
Apache Tomcat < 7.0.108 - Insecure Deserialization
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CWE-502 May 20, 2020
CVE-2020-12835 9.8 CRITICAL EPSS 0.14
SmartBear ReadyAPI SoapUI Pro 3.2.5 - Code Injection
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component.
CWE-502 May 20, 2020
CVE-2020-13092 9.8 CRITICAL EPSS 0.01
scikit-learn <0.23.0 - Command Injection
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
CWE-502 May 15, 2020
CVE-2020-13091 9.8 CRITICAL EPSS 0.01
pandas <1.0.3 - Command Injection
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
CWE-502 May 15, 2020
CVE-2020-11973 9.8 CRITICAL EPSS 0.08
Apache Camel < 2.25.0 - Insecure Deserialization
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CWE-502 May 14, 2020
CVE-2020-11972 9.8 CRITICAL EPSS 0.08
Apache Camel < 2.25.0 - Insecure Deserialization
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CWE-502 May 14, 2020
CVE-2020-11067 8.8 HIGH EPSS 0.01
TYPO3 CMS <9.5.16, <10.4.1 - Code Injection
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
CWE-502 May 14, 2020
CVE-2019-16112 8.8 HIGH 1 PoC Analysis EPSS 0.02
TylerTech Eagle <2018.3.11 - RCE
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
CWE-502 May 13, 2020
CVE-2020-12760 8.8 HIGH EPSS 0.02
OpenNMS Horizon <26.0.1, Meridian <2018.1.19 & 2019 <2019.1.7 - Rem...
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.
CWE-502 May 11, 2020
CVE-2020-5741 7.2 HIGH KEV 1 PoC Analysis EPSS 0.38
Plex Media Server - Code Injection
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
CWE-502 May 08, 2020
CVE-2020-2189 8.8 HIGH EPSS 0.01
Jenkins Source Code Management Filter... - Insecure Deserialization
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CWE-502 May 06, 2020
CVE-2020-12471 9.8 CRITICAL EPSS 0.03
MonoX <5.1.40.5152 - RCE
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
CWE-502 Apr 29, 2020
CVE-2020-12469 6.5 MEDIUM EPSS 0.00
Subrion CMS <4.2.1 - Code Injection
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CWE-502 Apr 29, 2020
CVE-2020-12133 9.8 CRITICAL EPSS 0.08
Furukawa Electric ConsciusMap < 2.8.1 - Insecure Deserialization
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
CWE-502 Apr 27, 2020