CVE-2023-47174

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Oct 31, 2023
Updated: Nov 8, 2023
CWE ID: 502

Summary

CVE-2023-47174 is a critical vulnerability in Thorn SFTP gateway version 3.4.x before 3.4.4, affecting products t0TPvv, t0TPvu, t0TPvx, and t0TPvw. The product uses Pivotal Spring Framework for Java deserialization of untrusted data, a use that Pivotal does not support and that can lead to remote code execution. The vulnerability has a base score of 9.8, with high impact on both confidentiality and integrity. Exploitation requires no user interaction and no privileges, and is possible over the network with low attack complexity. Updating to Thorn SFTP gateway version 3.4.4 is recommended to remediate this vulnerability and protect organizations from attacks exploiting this issue.
