The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-13T00:00:00

Updated: 2024-08-03T14:31:46.361Z

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46478

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-13T01:15:10.090

Modified: 2024-11-21T07:30:37.277

Link: CVE-2022-46478

cve-icon Redhat

No data.