{"uuid": "d928baf4-ab01-47e2-a9a1-c1d73e1c92eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46604", "type": "seen", "source": "https://t.me/arpsyndicate/874", "content": "#ExploitObserverAlert\n\nCVE-2023-46604\n\nDESCRIPTION: Exploit Observer has 102 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code  Execution. This vulnerability may allow a remote attacker with network  access to either a Java-based OpenWire broker or client to run arbitrary  shell commands by manipulating serialized class types in the OpenWire  protocol to cause either the client or the broker (respectively) to  instantiate any class on the classpath.  Users are recommended to upgrade  both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3  which fixes this issue.\n\nFIRST-EPSS: 0.968050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-02T01:26:35.000000Z"}