CHT Security Red Team Discovered Vulnerability in Well-Known EDM System

Summary

Vulnerability List

[CVE-2022-35223] – Insecure Deserialization


Details

1. Insecure Deserialization

Description

A specific function accepts objects of any type for deserialization.
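
An added illustration of the mitigation for this flaw class, not code from the affected product or from this advisory: the advisory does not name the product's language, so Python's pickle is assumed, and ALLOWED_GLOBALS, safe_loads and try_loads are hypothetical names. A deserializer that resolves only allowlisted types rejects everything else before any object is constructed.

```python
import io
import pickle
from collections import OrderedDict
from datetime import date

# Assumption: the only non-primitive type this hypothetical endpoint needs.
ALLOWED_GLOBALS = {("datetime", "date")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only explicitly allowlisted classes."""

    def find_class(self, module, name):
        # Every class or function reference in the stream passes through here.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"type {module}.{name} is not allowed")


def safe_loads(data: bytes):
    """Deserialize data, rejecting any type outside the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def try_loads(data: bytes):
    """Return (ok, value_or_reason) instead of raising, so rejections can be logged."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs: one expected message, one carrying a harmless
# but non-allowlisted type that stands in for any unexpected object.
EXPECTED = pickle.dumps({"campaign": "demo", "sent": date(2022, 7, 1)})
UNEXPECTED = pickle.dumps(OrderedDict(a=1))

if __name__ == "__main__":
    print(try_loads(EXPECTED))
    print(try_loads(UNEXPECTED))
```

Rejections returned by try_loads are worth logging, since a legitimate client never sends a type outside the allowlist.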

Impact

Attackers without any privileges can send malicious serialized objects to execute arbitrary commands.

Known Affected Software

  • Versions before 2020

Credits

Xin-Yue, Song (CHT Security)