RULE(RULE ID:336929)

Rule General Information
Release Date: 2022-08-04
Rule Name: FanRuan FineReport 11.0/FineBI 5.1 channel Deserialization Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Fanruan Software Company specializes in the research and development of report software products. The channel interface of FineReport before 11.0 and FineBI before 5.1 has a deserialization vulnerability: it accepts serialized data and deserializes it. Attackers can use the POST method to send malicious packets to the channel interface, triggering deserialization and enabling arbitrary code execution. Because the vulnerability exists only in versions earlier than those noted above, the rule may produce false positives. Investigate each alert and assess it against the asset's status and version information.
Impact: An attacker could exploit this vulnerability to unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.