Array Bounds Checking Vulnerability in Morgan Stanley Hobbes through 2020-05-21

Array Bounds Checking Vulnerability in Morgan Stanley Hobbes through 2020-05-21

CVE-2020-13656 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.

Learn more about our Web Application Penetration Testing UK.