Vulnerability identifier: #VU21594
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to a Polymorphic Typing issue within the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup component. A remote attacker can execute arbitrary code on he system.
Install update from vendor's website.
Vulnerable software versions
jackson-databind: 2.0.0 - 220.127.116.11
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?