DATE | CVE | VULNERABILITY TITLE | RISK

2018-06-11 | CVE-2017-3206 | XXE vulnerability in Exadel Flamingo 2.2.0 | critical, 9.8
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages.
network, low complexity, exadel, CWE-611

2018-06-11 | CVE-2017-3202 | Deserialization of Untrusted Data vulnerability in Exadel Flamingo 2.2.0 | critical, 9.8
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods.
network, low complexity, exadel, CWE-502