Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in version 11.2.12.00
The vulnerability results from improper processing (deserialization) of data from an untrusted source. An attacker can send a crafted payload over the network without needing to authenticate to the system. The application server deserializes the malicious data, leading to arbitrary code execution in the context of the application process running on Windows.
An attacker can gain full control over the system running Topal Finanzbuchhaltung by executing arbitrary code without any prior privileges. Due to the maximum CVSS score, the vulnerability threatens the confidentiality, integrity, and availability of both the target system and systems associated with it.
Topal Finanzbuchhaltung must be immediately updated to version 11.2.12.00 or later, in which the vendor has removed the vulnerability. Detailed release information is available in the vendor's official release notes and in the security advisory published by infoguard.ch.
Topal Finanzbuchhaltung version 10.1.5.20 and earlier running on Windows. The vulnerability is fixed in version 11.2.12.00.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X