CVE-2023-46604 in Oracle Enterprise Data Qualityinfo

Summary

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

Responsible

Apache Software Foundation

Reservation

10/24/2023

Disclosure

10/27/2023

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251161	Oracle Enterprise Data Quality General deserialization	502	Attacked	Official fix	CVE-2023-46604
251097	Oracle Financial Services Analytical Applications Infrastructure deserialization	502	Attacked	Official fix	CVE-2023-46604
251093	Oracle Banking Digital Experience UI General deserialization	502	Attacked	Official fix	CVE-2023-46604
251090	Oracle Banking APIs IDM - Authentication deserialization	502	Attacked	Official fix	CVE-2023-46604
251002	Oracle Communications Session Report Manager Security deserialization	502	Attacked	Official fix	CVE-2023-46604
251000	Oracle Communications Element Manager Security deserialization	502	Attacked	Official fix	CVE-2023-46604
243730	Apache ActiveMQ/ActiveMQ Legacy OpenWire Module OpenWire Protocol deserialization	502	Attacked	Official fix	CVE-2023-46604

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!