Vulnerabilities > CVE-2020-12133 - Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/157383/ZSL-2020-5565.txt |
id | PACKETSTORM:157383 |
last seen | 2020-04-25 |
published | 2020-04-24 |
reporter | LiquidWorm |
source | https://packetstormsecurity.com/files/157383/Furukawa-Electric-ConsciusMAP-2.8.1-Java-Deserialization-Remote-Code-Execution.html |
title | Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution |
Statements
contributor | Sergio Roberto Scarpin |
lastmodified | 2020-05-22 |
organization | Furukawa Electric |
statement | The vulnerability CVE-2020-12133 has been fixed at version 2.8.5.4 released May,18th 2020. Customers are advised to update to the latest version, or contact your integrator’s Technical Support if needed. |
References
- http://packetstormsecurity.com/files/157383/Furukawa-Electric-ConsciusMAP-2.8.1-Java-Deserialization-Remote-Code-Execution.html
- https://www.furukawa.co.jp
- https://www.tecnoredsa.com.ar
- http://packetstormsecurity.com/files/157383/Furukawa-Electric-ConsciusMAP-2.8.1-Java-Deserialization-Remote-Code-Execution.html
- https://www.tecnoredsa.com.ar
- https://www.furukawa.co.jp