CVE-2023-4528 Information

Description

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows Linux and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Reference

https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528 https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/