CVE-2023-2042 MEDIUM

CVE-2023-2042: DataGear JDBC Server deserialization

Vendor N/A
Product DataGear
Weakness CWE-502 · Unsafe deserialization
Published April 14, 2023
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 14, 2023 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-5183 Authenticated RCE due to unsafe JSON deserialization CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode CVE-2024-8255 Path Traversal in Ocean Data Systems Dream Report CVE-2024-50507 WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability CVE-2025-24919 Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability