CVE-2017-15703 - Deserialization of Untrusted Data vulnerability in Apache NiFi
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary
Any authenticated user (one with a valid client certificate but without ACL permissions) could upload a template that contained malicious code and caused a denial of service via a Java deserialization attack. The fix to properly handle Java deserialization was applied in the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 25 |