Lucene search
PRIOn knowledge basePRION:CVE-2022-28684HistoryAug 03, 2022 - 4:15 p.m.
Deserialization of untrusted data
2022-08-0316:15:00
PRIOn knowledge base
www.prio-n.com
9
vulnerability
code execution
devexpress
safebinaryformatter
deserialization
untrusted data
zdi-can-16710
0.022 Low
EPSS
Percentile
89.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.
| CPE | Name | Operator | Version |
|---|---|---|---|
| devexpress | ge | 21.2.0 | |
| devexpress | lt | 21.2.7 | |
| devexpress | ge | 21.1.0 | |
| devexpress | lt | 21.1.9 | |
| devexpress | ge | 20.2.0 | |
| devexpress | lt | 20.2.11 | |
| devexpress | ge | 20.1.0 | |
| devexpress | lt | 20.1.15 | |
| devexpress | ge | 19.2.0 | |
| devexpress | lt | 19.2.14 |
Related
nvd
nvd
CVE-2022-28684
2022-08-03 16:15:08
ibm
ibm
cvelist
cvelist
CVE-2022-28684
2022-08-03 15:20:46
zdi
zdi
cve
cve
CVE-2022-28684
2022-08-03 16:15:08