CVE-2017-3199 in GraniteDS

Summary

In the Java implementation of GraniteDS, version 3.1.1.GA, the AMF3 deserializers derive class instances from java.io.Externalizable rather than from flash.utils.IExternalizable, as the AMF3 specification recommends. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.

Reservation: 12/05/2016
Disclosure: 06/11/2018
Entries: 1
CPE: ready
CVSS: 6.8
EPSS: 0.13846
Activities: Very Low
