Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Smartbear Collaborator Server 操作系统命令注入漏洞
Vulnerability Description
Smartbear Collaborator Server是美国Smartbear公司的一款用于代码审计和文档审查的软件。 SmartBear Collaborator Server through 13.3.13302 存在安全漏洞,经过身份验证的攻击者可利用该漏洞提交给服务器一个序列化的Java对象,以便在底层系统上执行命令。
CVSS Information
N/A
Vulnerability Type
N/A