How severe is CVE-2023-30534?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-30534?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2023-30534

MEDIUM Year: 2023

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-502

View all →

Vulnerability Description

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-34050

MEDIUM

CVSS:4.3(Medium)

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in mess...

CWE-5022023

CVE-2024-13288

MEDIUM

CVSS:4.3(Medium)

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

CWE-5022024

CVE-2024-29040

MEDIUM

CVSS:4.3(Medium)

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to t...

CWE-5022024

CVE-2024-47836

MEDIUM

CVSS:4.3(Medium)

Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4....

CWE-5022024

CVE-2021-34393

MEDIUM

CVSS:4.4(Medium)

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deser...

CWE-5022021

CVE-2023-21206

MEDIUM

CVSS:4.4(Medium)

In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privi...

CWE-5022023

CVE-2023-30534

Vulnerability Description

Related Vulnerabilities

CVE-2023-34050

CVE-2024-13288

CVE-2024-29040

CVE-2024-47836

CVE-2021-34393

CVE-2023-21206