CVE-2024-46983
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-46983 is a critical vulnerability in the SOFA Hessian protocol, which is used by various products including yxDq8K, yxDq8L, and others. The flaw allows a gadget chain to bypass the blacklist that is meant to block deserialization of unsafe classes, putting confidentiality, integrity, and availability at significant risk. Organizations can remediate the issue by upgrading to version 3.5.5 of sofa-hessian or, if an upgrade is not feasible, by manually maintaining a blacklist in the specified directory. The vulnerability has a CVSS base score of 9.8, indicating a high level of severity with low attack complexity and no user interaction required. Without remediation, it could lead to unauthorized access to or manipulation of sensitive data within affected systems.
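A check for the upgrade remediation above, as an added example that is not part of the advisory: it scans Maven dependency output and flags every sofa-hessian entry below the 3.5.5 fix version. The Maven coordinates com.alipay.sofa:hessian are an assumption, and the sample dependency tree is constructed.

```python
"""Flag sofa-hessian dependencies older than 3.5.5 (fix for CVE-2024-46983).

Added example, not from the advisory. Assumes the Maven coordinates
com.alipay.sofa:hessian and input in `mvn dependency:tree` format.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "3.5.5"          # remediation version stated in the advisory
GROUP_ID = "com.alipay.sofa"     # assumed Maven groupId of sofa-hessian
ARTIFACT_ID = "hessian"          # assumed Maven artifactId of sofa-hessian

# Matches e.g. "com.alipay.sofa:hessian:jar:3.5.4:compile" anywhere on a line;
# the packaging segment ("jar:") is optional.
_COORD_RE = re.compile(
    rf"{re.escape(GROUP_ID)}:{re.escape(ARTIFACT_ID)}:(?:[\w-]+:)?(\d+(?:\.\d+)*)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.5.4' into (3, 5, 4) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version is below the fixed release (3.5.5)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_vulnerable(mvn_output: str) -> List[Tuple[int, str]]:
    """Return (line number, version) for every sofa-hessian entry below 3.5.5."""
    hits = []
    for lineno, line in enumerate(mvn_output.splitlines(), start=1):
        m = _COORD_RE.search(line)
        if m and is_vulnerable(m.group(1)):
            hits.append((lineno, m.group(1)))
    return hits


# Constructed sample of `mvn dependency:tree` output (not real project data);
# note the transitive copy pulled in under another artifact.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- com.alipay.sofa:hessian:jar:3.5.4:compile
[INFO] +- com.alipay.sofa:bolt:jar:1.6.6:compile
[INFO] |  \\- com.alipay.sofa:hessian:jar:3.3.13:compile
[INFO] \\- com.alipay.sofa:hessian:jar:3.5.5:test
"""

if __name__ == "__main__":
    for lineno, version in find_vulnerable(SAMPLE_TREE):
        print(f"line {lineno}: sofa-hessian {version} is below {FIXED_VERSION}")
```

Transitive copies matter here: a direct dependency on 3.5.5 does not help if another artifact still drags in an older sofa-hessian, so run the check against the full tree rather than the top-level list.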