Vulnerability Description
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ideablade | Breeze.Server.Net | <= 1.6.0 |
Related Weaknesses (CWE)
References
- http://breeze.github.io/doc-net/release-notes.html (Release Notes, Vendor Advisory)
- https://www.blackhat.com/us-17/briefings.html#friday-the-13th-json-attacks (Technical Description)
FAQ
What is CVE-2017-9424?
CVE-2017-9424 is a vulnerability with a CVSS score of 9.8 (CRITICAL). IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.
How severe is CVE-2017-9424?
CVE-2017-9424 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9424?
Check the references section above for vendor advisories and patch information. Affected products include: Ideablade Breeze.Server.Net.