Vulnerability Description
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redwood | Jscape Mft | < 2023.1.9 |
References
- https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528 (Vendor Advisory)
- https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-v (Mitigation, Third Party Advisory)
FAQ
What is CVE-2023-4528?
CVE-2023-4528 is a vulnerability with a CVSS score of 7.2 (HIGH). Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface.
How severe is CVE-2023-4528?
CVE-2023-4528 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2023-4528?
Versions prior to 2023.1.9 are affected. Check the references section above for the vendor advisory and patch information. Affected products include: Redwood Jscape Mft.