JSCAPE Releases Security Update for MFT Server

The vulnerability could potentially lead to execution of arbitrary Java code

Threat ID:: CC-4377
Threat Severity:: Medium
Published:: 12 September 2023 5:07 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

The vulnerability could potentially lead to execution of arbitrary Java code

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 2023.1.9

JSCAPE MFT Server

Threat details

Introduction

JSCAPE has released a security update to address a Java deserialisation vulnerability in the management interface of MFT Server, a managed file transfer product line. A remote attacker could exploit this vulnerability to execute arbitrary Java code as the root user on Linux or the SYSTEM user on Windows.

Remediation advice

Affected organisation should review the JSCAPE security advisory Binary Management Service Patch (CVE-2023-4528) for JSCAPE MFT Server and apply updates as necessary.

Definitive source of threat updates

https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528

CVE Vulnerabilities

Status Published

CVE-2023-4528

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Last edited: 12 September 2023 5:07 pm