Support Content Notification - Support Portal

BSA-2022-1983

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21280

Last Updated

11 July 2022

Initial Publication Date

12 July 2022

Status

Closed

Severity

Medium

CVSS Base Score

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - 8.1

WorkAround

N/A

Affected CVE

CVE-2022-25845

Summary

Security Advisory ID : BSA-2022-1983

Component : com.alibaba:fastjson

Revision : 1.0: Final

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

Products Confirmed Not Vulnerable

Brocade Fabric OS, Brocade SANnav.

Revision History

Version	Change	Date
1.0	Initial Publication	Jul 11, 2022