| Rule General Information | |
|---|---|
| Release Date | 2024-08-06 |
| Rule Name | Yonyou NC and U8cloud LoggingConfigServlet Deserialization Vulnerability |
| Severity | |
| CVE ID | |

| Rule Protection Details | |
|---|---|
| Description | Yonyou Network Technology Co., Ltd. is a leading provider of enterprise management software, ERP solutions, and cloud services in China, focusing on comprehensive information management services such as finance, human resources, and supply chain for enterprises in various industries. The LoggingConfigServlet of UFIDA NC and U8cloud has a deserialization vulnerability that attackers can exploit to execute arbitrary commands on the server. |
| Impact | An attacker can craft malicious serialized data and pass it to the application; when the application deserializes the object, the attacker's code is executed. |
| Affected OS | Windows, Linux, Others |
| Reference | |

| Solutions |
|---|
| Contact the software vendor to obtain and apply the software patch. |