CVE-2023-4528

HIGH

JSCAPE MFT Server <2023.1.9 - Code Injection

Title source: llm

Description

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

References (2)

[Vendor Advisory] https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528

[Mitigation, Third Party Advisory] https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/

Scores

CVSS v3 7.2

EPSS 0.2584

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

redwood/jscape_mft < 2023.1.9

Timeline

Published Sep 07, 2023

Tracked Since Feb 18, 2026