Exploiting a JDBC deserialization vulnerability in MFT Server by JSCAPE

Update: Fixed proof of concept link.

Background

This research project started back in July 2023, at around the same time that a critical vulnerability in a popular file-sharing product called MOVEit Transfer was disclosed. More details about that particular vulnerability can be found here and here. I was curious and looked for other similar file-sharing software with security issues. And so, a few Google searches later, I found a candidate: enterprise software called MFT Server by JSCAPE....

22 March, 2024 · 10 min · Naz Markuta