zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

可信数据的反序列化

ArgusDBM 代码问题漏洞

ArgusDBM是纵目科技（Zmops）开源的一个 Argus 开源数据库一体化监控平台。 ArgusDBM 0.1.0之前版本存在代码问题漏洞，该漏洞源于文件CalculateAlarm.java的getDefaultClassLoader函数会导致反序列化。

N/A

N/A