Array Bounds Checking Vulnerability in Morgan Stanley Hobbes through 2020-05-21
CVE-2020-13656 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.
Learn more about our Web Application Penetration Testing UK.