How severe is CVE-2017-3200?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2017-3200?

This is classified as CWE-913, which is a common weakness in software security.

CVE-2017-3200 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Related Vulnerabilities

CVE-2021-32813

HIGH

CVSS:8.1(High)

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this i...

CWE-9132021

CVE-2021-42809

HIGH

CVSS:7.8(High)

Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.

CWE-9132021

CVE-2022-25265

HIGH

CVSS:7.8(High)

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execut...

CWE-9132022

CVE-2022-31764

HIGH

CVSS:8.5(High)

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3...

CWE-9132022

CVE-2012-2055

HIGH

CVSS:7.5(High)

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modi...

CWE-9132012

CVE-2019-1617

HIGH

CVSS:7.4(High)

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denia...

CWE-9132019