CVE-2023-4528

CVE-2023-4528: JSCAPE MFT Server Unsafe Deserialization on Management Port

Vendor Redwood Software

Product JSCAPE MFT Server

Weakness CWE-502 · Unsafe deserialization

Published September 7, 2023

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Key dates

02Disclosure timeline

September 7, 2023 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4528 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2024-12433 Remote Code Execution in infiniflow/ragflow CVE-2024-30227 WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection CVE-2025-53690 Sitecore Products ViewState Deserialization Vulnerability CVE-2025-10771 jeecgboot JimuReport DB2 JDBC testConnection deserialization