Vulnerabilities > Exadel

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-3206	XXE vulnerability in Exadel Flamingo 2.2.0 The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. network low complexity exadel CWE-611 critical	9.8
2018-06-11	CVE-2017-3202	Deserialization of Untrusted Data vulnerability in Exadel Flamingo 2.2.0 The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. network low complexity exadel CWE-502 critical	9.8
2018-06-11	CVE-2017-3201	Deserialization of Untrusted Data vulnerability in Exadel Flamingo Amf-Serializer 2.2.0 The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. network high complexity exadel CWE-502	8.1

Vulnerabilities > Exadel {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Exadel"}]}