CVE-2013-4521

{"id": "CVE-2013-4521", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-06T16:15:11.087", "references": [{"url": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165."}, {"lang": "es", "value": "La implementaci\u00f3n de RichFaces en Nuxeo Platform versi\u00f3n 5.6.0 anterior a HF27 y versi\u00f3n 5.8.0 anterior a HF-01, no restringe las clases para las que los m\u00e9todos de deserializaci\u00f3n pueden ser llamados, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de datos serializados dise\u00f1ados. NOTA: esta vulnerabilidad puede solaparse con CVE-2013-2165."}], "lastModified": "2020-02-13T17:24:54.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42899695-FAB5-4F81-86BE-89E3089CBB36"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43160374-78C9-41E4-9884-C78ECD42B6AC"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A3A542-E589-441A-8A8D-B997C9E028F9"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4D3B6C0-EEA6-4BAE-9992-8C439204D03D"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DB7EFE4-DC2D-4DA9-B194-848E2DE3A16C"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix05:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4AD54AC-9115-4782-8CA1-F278C79A3C66"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix06:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA1D0325-34F3-436D-A527-BFDC884E3C8E"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix07:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6C63873-5E2A-4FFD-9681-F2D6BE281237"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix08:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBB4C6A4-E296-4697-BBAE-A862DFAF6665"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix09:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71877702-48D7-4EE8-9A7C-C9CEDD63C4A7"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCAFE86A-E0A6-44CF-8692-BE75EDDF3700"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74CA7501-3BC6-4227-A865-5D7B378D590A"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "726CB6C8-73BF-46D7-806E-731325D70A95"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF2D5F08-5993-4900-A543-9ADE64E16755"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8F70D1-ED38-4689-8DA9-110972170438"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B86C501E-D555-4CAF-AC09-40A35855C218"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6978E83-F831-4EB9-B3EF-A05FF733E596"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F818F2-EBFE-48BB-AE44-1F865EE1AC51"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5C523C0-E03D-4E97-AAD8-86E387D95296"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1315D200-164D-4FB6-A46F-6F70AD7C8234"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B83B5A9-42B7-4B1C-9B58-0298B69B5568"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07030217-791D-4EE2-AD44-B0147B88CCA2"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CCEFC5B-EF57-4FBC-AC4C-CBA29103A8AC"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E14078D-A0B5-4FC5-B713-A06FE53B38AE"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4BE4C3E-FC4C-4A78-A9C1-0FB4D597CA4B"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2ED381-5DF4-4905-9564-7C897F7DD3A8"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8281BE24-66D7-4F72-B656-6795F6A50AB9"}, {"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.8.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE2E0C2C-0CE4-45F6-A2A4-85D4F21792FF"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}