Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated RCE due to unsafe JSON deserialization
Vulnerability Description
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Illumio PCE 代码问题漏洞
Vulnerability Description
Illumio PCE是Illumio公司的一个计算引擎。 Illumio PCE 存在安全漏洞,该漏洞源于 network_traffic API 端点中存在不受信任的 JSON 的不安全反序列化,攻击者可以利用此漏洞在 PCE 操作系统用户的上下文中执行代码。
CVSS Information
N/A
Vulnerability Type
N/A