CVSS 3.1 Score 9.8 of 10 (high)


Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 502


CVE-2023-47174 is a critical vulnerability in Thorn SFTP gateway 3.4.x before 3.4.4, affecting products t0TPvv, t0TPvu, t0TPvx, and t0TPvw. The product uses Pivotal Spring Framework for Java deserialization of untrusted data, a use that Pivotal does not support, and this can lead to remote code execution. The vulnerability has a base score of 9.8, with high impact on both confidentiality and integrity. Exploitation requires no user interaction and no privileges, and it is possible over the network with low attack complexity. Patching or updating Thorn SFTP gateway to version 3.4.4 is recommended to remediate this vulnerability and protect organizations from attacks that exploit it.
