Vulnerabilities > CVE-2017-14702 - Deserialization of Untrusted Data vulnerability in Branaghgroup ERS Data System 1.8.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ERS Data System 1.8.1 - Java Deserialization. CVE-2017-14702. Remote exploit for Windows platform |
file | exploits/windows/remote/42952.py |
id | EDB-ID:42952 |
last seen | 2017-10-04 |
modified | 2017-09-21 |
platform | windows |
port | |
published | 2017-09-21 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42952/ |
title | ERS Data System 1.8.1 - Java Deserialization |
type | remote |
Packetstorm
data source | https://packetstormsecurity.com/files/download/144500/ersdatasystem-deserialize.txt |
id | PACKETSTORM:144500 |
last seen | 2017-10-06 |
published | 2017-10-03 |
reporter | West Shepherd |
source | https://packetstormsecurity.com/files/144500/ERS-Data-System-1.8.1-Java-Deserialization.html |
title | ERS Data System 1.8.1 Java Deserialization |