Newsletter
We would like to inform you of the impact of a recently reported vulnerability, CVE-2024-520246. The vulnerability is still awaiting analysis by NIST to assign a score in the NVD (National Vulnerability Database), but because other researchers have already confirmed a possible severe impact, we would like to share the following information with our Customers.
The vulnerability allows malicious actors to exploit the identified flaw in Apache MINA, affecting MINA core versions 2.0.X, 2.1.X and 2.2.X, and potentially leading to Remote Code Execution (RCE) attacks. It is important to highlight that, based on the NVD article, the vulnerability is only applicable in case "IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain."
We would like to confirm to our Customers that Chemaxon Products DO NOT include this particular implementation and use of ObjectSerializationDecoder in Apache MINA, and therefore our products are not affected by the CVE-2024-520246 vulnerability.
In line with Chemaxon's approach of continuously addressing identified application vulnerabilities, newer releases will also include the remediations for identified, applicable vulnerabilities.
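One way to check a deployment for the precondition quoted from the NVD article above, as an added example that is not Chemaxon's or Apache MINA's own code: it searches the compiled classes inside Java archives (including nested ones) for references to the serialization codec classes. The package path, the archive extensions and the function names are assumptions of this example.

```python
import io
import os
import zipfile

# Constant-pool (slash-separated) names of the codec classes named in the advisory.
# Assumption: they live in MINA's org.apache.mina.filter.codec.serialization package.
MINA_PKG = "org/apache/mina/filter/codec/serialization/"
MARKERS = (
    MINA_PKG.encode() + b"ObjectSerializationCodecFactory",
    MINA_PKG.encode() + b"ObjectSerializationDecoder",
)
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, depth=0):
    """Return (location, class name) pairs for classes that reference a marker."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive after all; nothing to report
    with zf:
        for name in zf.namelist():
            where = f"{label}!{name}"
            if name.lower().endswith(ARCHIVE_EXT) and depth < 3:
                # Fat jars and WARs bundle their dependencies as nested archives.
                hits += scan_archive(zf.read(name), where, depth + 1)
            elif name.endswith(".class") and not name.startswith(MINA_PKG):
                # Skip MINA's own codec classes: they always name themselves.
                body = zf.read(name)
                hits += [(where, m.decode().rsplit("/", 1)[1])
                         for m in MARKERS if m in body]
    return hits


def scan_tree(root):
    """Walk a directory and scan every Java archive found under it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    hits += scan_archive(fh.read(), path)
    return hits
```

A hit shows that a class references the codec, not that the code path is reachable from the network. The scan does not see wiring done through configuration files or reflection, nor MINA copies relocated to another package.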