|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-09-24 | |
| Rule Name: | Yonyou NC-Cloud blobRefClassSearch Deserialization Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yonyou NC-Cloud is an Enterprise Resource Planning (ERP) system developed by Yonyou. Its blobRefClassSearch endpoint has an deserialization vulnerability. Unauthorized attacker could execute arbitrary code on the remote server by exploiting the vulnerability. | |
| Impact: | An attacker can carefully construct malicious serialized data and pass it to the application, and execute the malicious code constructed by the attacker when the application deserializes the object. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |