CVE-2023-47174
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-47174 is a critical vulnerability in Thorn SFTP gateway version 3.4.x before 3.4.4, affecting products t0TPvv, t0TPvu, t0TPvx, and t0TPvw. The gateway uses Pivotal Spring Framework for Java deserialization of untrusted data, a use that Pivotal does not support and that can lead to remote code execution. The vulnerability has a base score of 9.8 and a high impact on both confidentiality and integrity. Exploitation requires no user interaction and no privileges, and it is possible over the network with low attack complexity. Patching or updating to Thorn SFTP gateway version 3.4.4 is recommended to remediate this vulnerability and protect organizations from attacks exploiting this issue.