CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-26118

HIGH
8.8
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile5.28th
Published2021年1月11日
Last Modified2024年11月21日

Vulnerability Description

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system.

Affected Platforms (CPE)

📦
Smartbear

Collaborator

<= 13.3.13302

References & Advisories

🔗 https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html
🔗 https://support.smartbear.com/collaborator/docs/general-info/whats-new.html
🔗 https://support.smartbear.com/collaborator/docs/server/index.html
🔗 https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html
🔗 https://support.smartbear.com/collaborator/docs/general-info/whats-new.html
🔗 https://support.smartbear.com/collaborator/docs/server/index.html

相关漏洞威胁

CVE-2021-2947510.0

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary file...

CVE-2004-065010.0

UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute ar...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2005-125510.0

Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other v...