CVE-2013-4521

Published Feb 6, 2020

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42899695-FAB5-4F81-86BE-89E3089CBB36"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43160374-78C9-41E4-9884-C78ECD42B6AC"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix02:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03A3A542-E589-441A-8A8D-B997C9E028F9"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix03:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4D3B6C0-EEA6-4BAE-9992-8C439204D03D"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DB7EFE4-DC2D-4DA9-B194-848E2DE3A16C"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4AD54AC-9115-4782-8CA1-F278C79A3C66"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA1D0325-34F3-436D-A527-BFDC884E3C8E"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix07:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C63873-5E2A-4FFD-9681-F2D6BE281237"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix08:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBB4C6A4-E296-4697-BBAE-A862DFAF6665"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix09:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71877702-48D7-4EE8-9A7C-C9CEDD63C4A7"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCAFE86A-E0A6-44CF-8692-BE75EDDF3700"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74CA7501-3BC6-4227-A865-5D7B378D590A"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "726CB6C8-73BF-46D7-806E-731325D70A95"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2D5F08-5993-4900-A543-9ADE64E16755"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B8F70D1-ED38-4689-8DA9-110972170438"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B86C501E-D555-4CAF-AC09-40A35855C218"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6978E83-F831-4EB9-B3EF-A05FF733E596"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22F818F2-EBFE-48BB-AE44-1F865EE1AC51"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5C523C0-E03D-4E97-AAD8-86E387D95296"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1315D200-164D-4FB6-A46F-6F70AD7C8234"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B83B5A9-42B7-4B1C-9B58-0298B69B5568"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07030217-791D-4EE2-AD44-B0147B88CCA2"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CCEFC5B-EF57-4FBC-AC4C-CBA29103A8AC"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E14078D-A0B5-4FC5-B713-A06FE53B38AE"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4BE4C3E-FC4C-4A78-A9C1-0FB4D597CA4B"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2ED381-5DF4-4905-9564-7C897F7DD3A8"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8281BE24-66D7-4F72-B656-6795F6A50AB9"
          },
          {
            "criteria": "cpe:2.3:a:nuxeo:nuxeo:5.8.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE2E0C2C-0CE4-45F6-A2A4-85D4F21792FF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References