by @mhzcyber
19 Jun 2023

CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization

by @mhzcyber
19 Jun 2023

CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization

CVEs

7.5 High Severity
7.5 High Severity

Apps

14.1.1.0.0.*
10.3.5.0.0.*
9.2.0.0.0.*
*.*
10.3.0.0.0.*
10.3.2.0.0.*
10.3.3.0.0.*
12.2.1.4.0.*
9.1.0.0.0.*
9.0.0.0.0.*

Screenshots from the blog posts

images/clj2pcaotdw4u0uqiesencqge.pngimages/clj2pcaotdw4u0uqiesencqge.png

Summary

RCE via post-deserialization was found in Weblogic Server and has been found and registered as CVE-2023-21839 & CVE-2023-21931 both have the same idea. We are going to go through some of the code, reproduce the vulnerability, explain the exploitation and do some network traffic analysis

Description

users/photos/clr6vsmml0vl21hn13643hl0n.jpg

@mhzcyber

68 posts

Security Researcher | Cyber Security Labs Developer | Upwork Top Rated CyberSecurity

Total vcoins

132.8K

Badges

badges/images/clemwgql90gww0jnxh6rbcqsr.png

Memelord

badges/images/clktw0fnh0pci1inadxpbcwpn.png

Shawarma King

Social media links

Comments (0)