CVE-2023-36381

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 502

Summary

CVE-2023-36381 is a Deserialization of Untrusted Data vulnerability impacting Gesundheit Bewegt GmbH's Zippy software. This weakness, which affects versions from n/a to 1.6.5, can allow an attacker to execute arbitrary code by supplying malicious data to be deserialzed. Successful exploitation could result in unauthorized system access or data theft. Users are strongly advised to update to the latest version of Zippy to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share