Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21762

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Jan, 2023 | 00:00
Updated At-28 Feb, 2025 | 21:14
Rejected At-
Credits

Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Jan, 2023 | 00:00
Updated At:28 Feb, 2025 | 21:14
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 23
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.01.0 before 15.01.2507.017 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 12
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.1118.021 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 11
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.0986.037 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2013 Cumulative Update 23
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.00.0 before 15.00.1497.045 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Jan, 2023 | 22:15
Updated At:29 May, 2024 | 03:15

Microsoft Exchange Server Spoofing Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>exchange_server>>2013
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-502Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-502
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

105Records found
CVE-2018-20732
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.28% / 88.38%
||
7 Day CHG~0.00%
Published-17 Jan, 2019 | 01:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Action-Not Available
Vendor-sasn/aHewlett Packard Enterprise (HPE)Oracle CorporationMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-hp-ux_ipfiltersolarislinux_kernelwindowsaixweb_infrastructure_platformn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21706
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.86%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 12Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21703
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Data Box Gateway Remote Code Execution Vulnerability

Azure Data Box Gateway Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_stack_edgeazure_data_box_gatewayAzure Data Box GatewayAzure Stack Edge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21744
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.25% / 83.91%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-1373
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.50% / 93.66%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2019Microsoft Exchange Server 2013Microsoft Exchange Server 2016 Cumulative Update 14
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21707
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-66.17% / 98.46%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21713
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.95%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_serverMicrosoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)Microsoft SQL Server 2012 Service Pack 4 (QFE)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2014 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 18)Microsoft SQL Server 2014 Service Pack 3 (CU 4)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21779
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.15%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21568
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.56%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019_integration_servicessql_server_2022_integration_servicesSQL Server Integration Services for Visual Studio 2022SQL Server Integration Services for Visual Studio 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21538
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.99%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-.netfedorapowershellPowerShell 7.2.NET 6.0
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-47986
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.34% / 99.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 15:46
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-14||Apply updates per vendor instructions.
IBM Aspera Faspex code execution

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelaspera_faspexAspera FaspexAspera Faspex
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-0925
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.11%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 17:27
Updated-26 Sep, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.

Action-Not Available
Vendor-softwareagSoftware AGazulsoftwareagMicrosoft Corporation
Product-windowswebmethodswebMethods OneDatazuluwebmethods
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47732
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.26% / 49.29%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 22:17
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Remote Code Execution Vulnerability

Microsoft Dataverse Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47994
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficesharepoint_enterprise_serveroffice_long_term_servicing_channelMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft Office 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47163
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 82.41%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47166
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.47% / 87.09%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-10513
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.26%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-premium_securityinternet_securityantivirus_\+_securitywindowsmaximum_securityTrend Micro Security (Consumer)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-0824
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-85.45% / 99.32%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-08-26||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_1803windows_server_2012windows_10_1803windows_10_1709windows_server_2008windows_rt_8.1windows_server_1709windows_server_2016windows_7windows_10_1607windows_8.1windows_10_1507windows_10_1703n/awindows_server_2012windows_10windows_rt_8.1windows_7windows_8.1windows_server_2016windows_server_2008Windows
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-36038
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-0.19% / 40.66%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 20:38
Updated-26 Aug, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncOracle Corporation
Product-linux_kernelwindowswebsphere_application_serveraixsolarishp-uxiz\/osWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-8349
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.15% / 93.86%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-30382
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-30384
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-29807
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.75% / 72.10%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 00:29
Updated-03 Jul, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dataverse Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dataverseMicrosoft Dataverse
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-30378
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.30% / 52.57%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-29793
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.42% / 86.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-27203
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.6||CRITICAL
EPSS-4.70% / 88.93%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 21:25
Updated-18 Jul, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-connectwindowsAdobe Connect
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-0618
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-94.25% / 99.92%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_serverMicrosoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)Microsoft SQL ServerMicrosoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)SQL Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-26503
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG+0.42%
Published-17 Mar, 2022 | 16:11
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationVeeam Software Group GmbH
Product-windowsveeamn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-7811
Matching Score-6
Assigner-KrCERT/CC
ShareView Details
Matching Score-6
Assigner-KrCERT/CC
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.13%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:16
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samsung Update Local Privilege Escalation Vulnerability

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication

Action-Not Available
Vendor-Samsung ElectronicsSamsungMicrosoft Corporation
Product-windowsupdate Samsung Update
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-17144
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-92.76% / 99.75%
||
7 Day CHG+0.04%
Published-09 Dec, 2020 | 23:36
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Microsoft Exchange Remote Code Execution Vulnerability

Microsoft Exchange Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2010 Service Pack 3 Update Rollup 31Exchange Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-22005
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.25% / 91.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2013 Service Pack 1
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-5741
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-7.2||HIGH
EPSS-45.57% / 97.52%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 12:02
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-31||Apply updates per vendor instructions.

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Action-Not Available
Vendor-plexn/aPlexMicrosoft Corporation
Product-media_serverwindowsPlex Media Server (Windows)Media Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-21364
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-01 Jul, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2024
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-1439
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.60% / 95.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21710
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.77% / 72.48%
||
7 Day CHG+0.07%
Published-14 Feb, 2023 | 19:33
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21529
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-14.58% / 94.20%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 12Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-32336
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.39%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:57
Updated-27 Jan, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server code execution

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-38181
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.77% / 95.93%
||
7 Day CHG-34.71%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-36777
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-2.25% / 83.92%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-27 Feb, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-35317
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.44%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-33160
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-49147
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-1.14% / 77.49%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 19:07
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Update Catalog Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Update Catalog
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-45733
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-8.8||HIGH
EPSS-0.83% / 73.53%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 17:03
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)Microsoft Corporation
Product-windowssplunkSplunk Enterprisesplunk_enterprise
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-23338
Matching Score-6
Assigner-Snyk
ShareView Details
Matching Score-6
Assigner-Snyk
CVSS Score-6.6||MEDIUM
EPSS-5.10% / 89.43%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:50
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-qlibqlib
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-38024
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-14.44% / 94.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-30044
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-47.34% / 97.61%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-45772
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 08:51
Updated-15 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality.

Action-Not Available
Vendor-The Apache Software Foundation
Product-lucene_replicatorApache Lucene Replicator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-43383
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8||HIGH
EPSS-1.94% / 82.65%
||
7 Day CHG+0.10%
Published-31 Oct, 2024 | 09:57
Updated-11 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-lucene.netApache Lucene.Net.Replicatorlucene
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-23895
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-9||CRITICAL
EPSS-1.41% / 79.68%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 13:05
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorized deserialization of untrusted data in McAfee DBSec

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.

Action-Not Available
Vendor-McAfee, LLC
Product-database_securityMcAfee Database Security (DBSec)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-35180
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-8||HIGH
EPSS-49.13% / 97.70%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:23
Updated-12 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found