Lexmark Markvision Enterprise Java Object Deserialization RCE
Severity: Critical
Nessus Plugin ID: 88807
Synopsis: The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability.
Description: The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability due to unsafe deserialization of unauthenticated Java objects passed to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this by sending a specially crafted serialized Java object via the RMI interface to execute arbitrary code with the privileges of the application.
Solution: Upgrade to Lexmark Markvision Enterprise version 2.3.0 or later.
Alternatively, contact the vendor for a workaround.