CVE-2014-2228

Critical

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML…

mitre·CWE-776·Published 2020-02-19

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

148 chars

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

NVDen

148 chars

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

La extensión XStream en HP Fortify SCA versiones anteriores a 2.2 RC3, permite a atacantes remotos ejecutar código arbitrario por medio de una deserialización no segura de mensajes XML.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H