Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21568

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Feb, 2023 | 19:32
Updated At-01 Jan, 2025 | 00:40
Rejected At-
Credits

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Feb, 2023 | 19:32
Updated At:01 Jan, 2025 | 00:40
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
SQL Server Integration Services for Visual Studio 2019
Platforms
  • Unknown
Versions
Affected
  • From 16.0.0 before 16.0.5035.3 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
SQL Server Integration Services for Visual Studio 2022
Platforms
  • Unknown
Versions
Affected
  • From 16.0.0 before 16.0.5035.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Feb, 2023 | 20:15
Updated At:29 May, 2024 | 03:15

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>sql_server_2019_integration_services>>-
cpe:2.3:a:microsoft:sql_server_2019_integration_services:-:*:*:*:*:visual_studio:*:*
Microsoft Corporation
microsoft
>>sql_server_2022_integration_services>>-
cpe:2.3:a:microsoft:sql_server_2022_integration_services:-:*:*:*:*:visual_studio:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-502Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-502
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

229Records found
CVE-2023-35388
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.45% / 62.55%
||
7 Day CHG-1.03%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-33160
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-33134
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.64%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-1373
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.50% / 93.67%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2019Microsoft Exchange Server 2013Microsoft Exchange Server 2016 Cumulative Update 14
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-32031
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-49.02% / 97.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 14:52
Updated-28 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-49070
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.17% / 38.02%
||
7 Day CHG+0.02%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-8349
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.15% / 93.86%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-26503
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG+0.42%
Published-17 Mar, 2022 | 16:11
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationVeeam Software Group GmbH
Product-windowsveeamn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-45733
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-8.8||HIGH
EPSS-0.83% / 73.53%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 17:03
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)Microsoft Corporation
Product-windowssplunkSplunk Enterprisesplunk_enterprise
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-41082
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-92.19% / 99.70%
||
7 Day CHG+0.52%
Published-03 Oct, 2022 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-21||Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 22Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 12Exchange Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-43466
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-12.38% / 93.63%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Denial of Service Vulnerability

Microsoft SharePoint Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-43464
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-66.60% / 98.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-20732
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.28% / 88.39%
||
7 Day CHG~0.00%
Published-17 Jan, 2019 | 01:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Action-Not Available
Vendor-sasn/aHewlett Packard Enterprise (HPE)Oracle CorporationMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-hp-ux_ipfiltersolarislinux_kernelwindowsaixweb_infrastructure_platformn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-32336
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.39%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:57
Updated-27 Jan, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server code execution

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-10513
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.26%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-premium_securityinternet_securityantivirus_\+_securitywindowsmaximum_securityTrend Micro Security (Consumer)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-0824
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-85.45% / 99.32%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-08-26||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_1803windows_server_2012windows_10_1803windows_10_1709windows_server_2008windows_rt_8.1windows_server_1709windows_server_2016windows_7windows_10_1607windows_8.1windows_10_1507windows_10_1703n/awindows_server_2012windows_10windows_rt_8.1windows_7windows_8.1windows_server_2016windows_server_2008Windows
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-34520
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-1677
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 12:00
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26857
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.64% / 92.58%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-04-16||Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2013 Cumulative Update 22Microsoft Exchange Server 2019 Cumulative Update 5Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2019 Cumulative Update 1Microsoft Exchange Server 2019 Cumulative Update 4Microsoft Exchange Server 2016 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2019 Cumulative Update 2Microsoft Exchange Server 2019 Cumulative Update 6Microsoft Exchange Server 2016 Cumulative Update 8Microsoft Exchange Server 2016 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 10Microsoft Exchange Server 2013 Service Pack 1Microsoft Exchange Server 2016 Cumulative Update 17Microsoft Exchange Server 2016 Cumulative Update 12Microsoft Exchange Server 2016 Cumulative Update 16Microsoft Exchange Server 2010 Service Pack 3Microsoft Exchange Server 2013 Cumulative Update 21Microsoft Exchange Server 2019Microsoft Exchange Server 2016 Cumulative Update 9Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2016 Cumulative Update 13Exchange Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-24066
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-49063
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.52% / 65.83%
||
7 Day CHG-0.09%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft/Muzic Remote Code Execution Vulnerability

Microsoft/Muzic Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-muzicMuzic
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-49147
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-1.31% / 78.96%
||
7 Day CHG+0.17%
Published-12 Dec, 2024 | 19:07
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Update Catalog Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Update Catalog
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-38024
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-14.44% / 94.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-30044
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-47.34% / 97.61%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-41958
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.21% / 44.05%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization Vulnerability by yaml config input in super-xray

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-super_xray_project4ra1n
Product-super_xraysuper-xray
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-12525
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 19:01
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Action-Not Available
Vendor-weidmuellerwagoemersonpepperl-fuchsWeidmüllerM&M SoftwarePepperl+Fuchs/PACTware
Product-fdtcontainer_componentwi_managerfdtcontainer_applicationio-link_master_dr-8-pnio-tio-link_master_dr-8-eipio-link_master_dr-8-eip-tio-link_master_4-pnioio-link_master_firmwarepactwareio-link_master_4-eipio-link_master_8-eip-lrosemount_transmitter_interface_softwareio-link_master_dr-8-pnio-pio-link_master_dr-8-eip-pio-link_master_8-pnioio-link_master_8-eipdtminspector_3io-link_master_8-pnio-lio-link_master_dr-8-pnioWI ManagerPACTwarefdtCONTAINER ComponentfdtCONTAINER ApplicationdtmlINSPECTOR
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-6834
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.3||HIGH
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 16:25
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

Action-Not Available
Vendor-
Product-software_updateSoftware Update (SESU) – SUT Service component
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-32736
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-14 Jan, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 SP5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 SP5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-PLCSIM V16SIMATIC WinCC Unified V18SIMATIC WinCC V18TIA Portal Cloud V17SINAMICS Startdrive V16SIMOTION SCOUT TIA V5.4 SP1SINAMICS Startdrive V17SIRIUS Soft Starter ES V18 (TIA Portal)SIMOCODE ES V16SIMATIC WinCC Unified V16SIMATIC STEP 7 V16SIMOCODE ES V17SIMATIC S7-PLCSIM V17SIMATIC STEP 7 V17SIMOCODE ES V18SIMATIC STEP 7 V18SIRIUS Safety ES V18 (TIA Portal)SIMATIC STEP 7 Safety V16SIMATIC STEP 7 Safety V17SIMOTION SCOUT TIA V5.4 SP3SIMATIC WinCC V17SIMATIC STEP 7 Safety V18SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC Unified V17SIRIUS Soft Starter ES V17 (TIA Portal)SINAMICS Startdrive V18SIMOTION SCOUT TIA V5.5 SP1TIA Portal Cloud V16SIMATIC WinCC V16TIA Portal Cloud V18simatic_winccsimatic_wincc_unifiedsinamics_startdrivesimotion_scout_tiasimatic_step_7tia_portal_cloudsimatic_s7-plcsimsirius_safety_essimocode_es
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-40843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 17:10
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

Action-Not Available
Vendor-proofpointn/a
Product-insider_threat_management_servern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found