CVE-2023-40571

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 25, 2023
Updated: Sep 1, 2023
CWE ID 502

Summary

CVE-2023-40571 is a deserialization vulnerability affecting weblogic-framework versions 0.2.3 and below. The tool, used for detecting Weblogic vulnerabilities, fails to verify the integrity of data packets returned from servers. Malicious serialized data, when received in response to the 'echo' command, can lead to remote code execution. This is due to the classloader's handling of numerous deserialization calls. Version 0.2.4 has been released with the necessary patch to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share