Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0.
The vulnerability is located in the tis-plugin module, in the XmlFile.java file responsible for handling XML files within the extension mechanism. An attacker can upload a malicious file type without any restrictions (unrestricted upload), and then trigger deserialization of untrusted data contained in that file. The combination of both weaknesses allows for delivering and executing a malicious payload without requiring any privileges.
A remote, unauthenticated attacker can gain full control over the system, including executing arbitrary code (RCE), stealing data, and compromising the integrity and availability of both the application and related systems.
Update datavane TIS to version v4.3.0 or newer as soon as possible. Details of the fix are available in the vendor's pull request: https://github.com/datavane/tis/pull/443
datavane TIS in all versions before v4.3.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red