CVE-2024-46983

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 19, 2024
Updated: Sep 20, 2024
CWE ID 74

Summary

CVE-2024-46983 is a critical vulnerability affecting the SOFA Hessian protocol, utilized in various products including yxDq8K, yxDq8L, and others. The flaw allows for a gadget chain to bypass the blacklist mechanism designed to prevent the deserialization of unsafe classes, posing significant risks to confidentiality, integrity, and availability. Organizations can remediate this issue by upgrading to version 3.5.5 of sofa-hessian or by manually maintaining a blacklist in the specified directory if an upgrade is not feasible. The vulnerability has a CVSS base score of 9.8, indicating a high level of severity with low attack complexity and no required user interaction. Without remediation, this vulnerability could lead to unauthorized access or manipulation of sensitive data within affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share