Security Advisory

CVE-2013-4521

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-06 15:43:41

Last updated 2024-08-06 16:45:14

Assigner redhat

State PUBLISHED

Description

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

← Browse all CVEs View on cve.org ↗