CVE-2017-8045

CRITICAL

Pivotal Software Spring Advanced Mess... - Insecure Deserialization

Title source: rule

Description

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0283
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status draft

Affected Products (28)

pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
pivotal_software/spring_advanced_message_queuing_protocol
... and 13 more

Timeline

Published Nov 27, 2017
Tracked Since Feb 18, 2026