Description
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
Exploits (1)
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://blog.radicallyopensecurity.com/CVE-2017-9830.html
Scores
CVSS v3
9.8
EPSS
0.0924
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
code42/crashplan
5.4
Published
Jun 27, 2017
Tracked Since
Feb 18, 2026