RULE(RULE ID:337935)

Rule General Information
Release Date: 2024-04-16
Rule Name: Yonyou Chanjet T+ Ufida.T.DI.UIP.RRA.RRATableController Deserialization Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou Chanjet T+ is a comprehensive enterprise management software product that covers multiple fields such as finance, supply chain, production and manufacturing, helping enterprises achieve information management and business process optimization. Chanjet T+'s /tplus/ajaxpro/Ufida.T.DI.UIP.RRA.RRATableController,Ufida.T.DI.UIP.ashx interface has a deserialization vulnerability that allows unauthorized attackers to execute arbitrary commands on the target server by constructing malicious deserialization requests.
Impact: An attacker can craft malicious serialized data and pass it to the application; when the application deserializes the object, the attacker's code is executed.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.