Security issue CVE-2023-46604 with NCM
search cancel

Security issue CVE-2023-46604 with NCM

book

Article ID: 380744

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Security vulnerability scanned picked up vulnerability CVE-2023-46604 that needed patching.

Environment

10.x

Cause

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.  This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker of client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client of the broker (respectively) to instantiate any class on the classpath.

Resolution

NCM does not utilize the "OpenWire protocol".  This vulnerability does not affect NCM.