Remote Code Execution Vulnerability in HP Fortify SCA
CVE-2014-2228

9.8CRITICAL

Key Information:

Vendor: Talend
Status: Restlet
Vendor: CVE Published:; 19 February 2020

What is CVE-2014-2228?

The XStream extension in HP Fortify SCA prior to version 2.2 RC3 is vulnerable to remote code execution due to unsafe deserialization of XML messages. This flaw can be exploited by remote attackers to execute arbitrary code on the server, potentially leading to unauthorized access and control over the affected systems. Proper input validation and implementing secure deserialization practices are crucial to mitigate this issue.

References

https://web.archive.org/web/20140425095352/http://h30499....

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2020
Vulnerability Reserved
Feb 26, 2014

CVE-2014-2228 Data

JSON

Talend

What is CVE-2014-2228?

References

CVSS V3.1

Timeline