Security Advisory

CVE-2022-35857

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-13 21:22:31

Last updated 2024-08-03 09:44:22

Assigner mitre

State PUBLISHED

Description

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.

← Browse all CVEs View on cve.org ↗