Vulnerabilities > CVE-2019-16112 - Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

tylertech

CWE-502

NVD

Published: 2020-05-13

Updated: 2020-05-15

Summary

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.

Vulnerable Configurations

Part	Description	Count
Application	Tylertech Tylertech Eagle 2018.3.11	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.exploit-db.com/exploits/48462